Nine Days Later, Flash Zero-Day CVE-2016-4117 Already Added to Exploit Kits
Security Update : It took crooks less than two weeks to weaponize the most recent Flash zero-day, which they’re now using as a module inside the Magnitude exploit kit.
On May 8, Adobe pre-announced the release of a critical Flash security flaw exploited in the wild by attackers. On May 12, the company lived up to its word and patched the issue with the release of Adobe Flash Player 220.127.116.11.
The following day, FireEye researcher Genwei Jiang, the man who discovered the Flash exploit used in the wild, revealed the technical details of CVE-2016-4117, the identifier assigned to this security bug.
Surprisingly, CVE-2016-4117 was not a Web-based exploit, but an attack delivered via Office files that contained a Flash o… (read more)