⭐計字第104036號
發佈編號
TACERT-ANA-2015071309075050
發佈時間
2015-07-13 09:17:53
事故類型
ANA-漏洞預警
發現時間
2015-07-10 00:00:00
影響等級
低
轉發 趨勢科技 漏洞/資安訊息警訊
趨勢科技近來發現一個嚴重的漏洞(CVE-2015-5119),這個漏洞影響所及遍布所有版本的Adobe Flash。Adobe Flash遭到入侵後可能會當掉,駭客也可能取得受害系統的控制權。Adobe已經發布了一則安全公告並建議用戶儘速套用安全性更新。
最近對台灣造成重大影響的勒贖軟體(Ransomware)也可能透過此漏洞進行攻擊,並針對重要檔案進行加密。
此外我們也觀察到已經有部分台灣網站遭受駭客入侵,利用此漏洞植入後門程式。
此訊息僅發送到「區縣市網路中心」,煩請貴單位協助公告或轉發
[影響平台:]•Adobe Flash Player 18.00.194 and earlier versions for Windows and Macintosh
•Adobe Flash Player Extended Support Release version 13.0.0.296 and earlier 13.x versions for Windows and Macintosh
•Adobe Flash Player 11.2.202.468 and earlier 11.x versions for Linux
[建議措施:]建議您儘速安裝原廠所釋出的安全性更新或修補程式。
[參考資料:]•Hacking Team Flash Zero-Day Integrated Into Exploit Kits (Trend Micro Security Intelligence Blog): http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-flash-zero-day-integrated-into-exploit-kits/
•A Look at the Open Type Font Manager Vulnerability from the Hacking Team Leak (Trend Micro Security Intelligence Blog): http://blog.trendmicro.com/trendlabs-security-intelligence/a-look-at-the-open-type-font-manager-vulnerability-from-the-hacking-team-leak/
•Unpatched Flash Player Flaw, More POCs Found in Hacking Team Leak (Trend Micro Security Intelligence Blog): http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/
•Adobe Security Bulletin: https://helpx.adobe.com/security/products/flash-player/apsa15-03.html