Results for flash

Security Research News in Brief - November 2017 Edition

Welcome back to our monthly review of some of the most interesting security research publications.

By Axelle Apvrille | January 14, 2018

Threat Research

WebAssembly 101: Bringing Bytecode to the Web

FortiGuard Labs has put together answers to some of the most frequently asked questions you may have about the new emerging technology called WebAssembly (WA). What is WebAssembly? WebAssembly is a low-level, portable, binary format for the web that aims to speed up web apps. It is designed to parse faster (up to 20X), and execute faster than JavaScript (JS). When was it announced? The WebAssembly Community Group was created in April 2015, with the mission of “promoting early-stage cross-browser collaboration on a new, portable,...

By David Maciejak | April 13, 2017

Threat Research

Fortinet Security Researcher Discovers Two Critical Vulnerabilities in Adobe Flash Player

Fortinet security researcher Kai Lu discovered and reported two critical zero-day vulnerabilities in Adobe Flash Player in November 2016. Adobe identified them as CVE-2017-2926 and CVE-2017-2927 and released a patch to fix them on January 10, 2017. Here is a brief summary of each of these detected vulnerabilities. CVE-2017-2926 This is a memory corruption vulnerability found in Flash Player’s engine when processing MP4 files. Specifically, the vulnerability is caused by an MP4 file with a crafted sample size in the MP4 atom...

By Kai Lu | January 17, 2017

Threat Research

Android banking malware masquerades as Flash Player, targeting large banks and popular social media apps

Active users of mobile banking apps should be aware of a new Android banking malware campaign targeting customers of large banks in the United States, Germany, France, Australia, Turkey, Poland, and Austria. This banking malware can steal login credentials from 94 different mobile banking apps. Due to its ability to intercept SMS communications, the malware is also able to bypass SMS-based two-factor authentication. Additionally, it also contains modules to target some popular social media apps. Install the malware The malware masquerades...

By Kai Lu | November 01, 2016

Industry Trends

Java Browser Plugin is Dead, Long Live HTML5!

A few days ago, Oracle announced on their blog that they plan to kill the Java browser plugin in their next major version of JDK, scheduled for release in Q1 2017. What does this mean? Should we worry about our browsing experience? This really just means that it won’t be possible to run Java applets in the browser anymore. The infamous “applet” is a technology that was developed by Sun Microsystems in the 90’s and went on to be acquired by Oracle. This technology was still popular in many exploit kits over the...

By David Maciejak | February 05, 2016

Threat Research

Adobe Gets Its Patch On

Researchers at FortiGuard Labs recently discovered another heap overflow vulnerability in the Adobe Flash Player. The vulnerability, CVE-2015-5129, is similar to a larger group of security issues found in Flash Player, all of which could be exploited to allow remote code execution on the host system. Although FortiGuard has not observed active exploits for this particular vulnerability in the wild, we did find multiple products that incorporate Flash with the vulnerability. This includes the Google Chrome browser. Additionally,...

By Aamir Lakhani | August 18, 2015