Hi, On 01/23/2015 01:44 PM, chris.rebischke@gmail.com wrote:
The malware researcher 'kafeine' found an 0day in Flash used by Angler EK malware. The CVEs:
CVE-2014-8440 CVE-2015-0310 CVE-2015-0311 <- The 0day
Actual Version flash version in archlinux: flashplugin 11.2.202.429-1 Is our version vulnerable too? Have somebody some information about this?
According to the information provided by Adobe in [1], I think so. Unfortunately there is not much information available on the issue and no fix available as far as I know, therefore I would recommend completely disabling the flash plugin, which might be a good idea if you care about security anyway. Oh and please don't hijack existing unrelated thread for starting a new topic :) [1]: http://helpx.adobe.com/security/products/flash-player/apsa15-01.html