UPDATE* Yet Another Flash 0day Goes Live In Angler Exploit Kit

The researcher Kafeine over at the website Malware don’t [sic] need Coffee has found that there is an active Flash 0day exploit in the Angler exploit kit capable of delivering payload.  The Flash exploit has the ability to exploit not just older versions of browsers but even Windows 8.1 running Internet Explorer 11 with all updates including Flash 16.0.0.257.  Once exploited a Hostile Actor can push a payload to commit click fraud, install a Cryptolocker, or other nasties.

Kafeine was able to show that Malwarebytes Anti Exploit is able to stop the exploit after the 0day has occurred.  Thanks Kafeine for you good work!

http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html

UPDATE 23 Jan 2015:  Adobe has patched one of the vulnerabilities and will issue a patch for another later next week.

http://helpx.adobe.com/security/products/flash-player/apsb15-02.html

Post by Protocol 46