Monthly Archives: February 2015

0-day in the Fancybox-for-WordPress Plugin

WordPress – the most popular open-source blogging tool and a content management system (CMS) is under attacked by hackers that targets Fancybox plugin used in WordPress. Security researchers from Sucuri issued an alert regarding the affected plugin that allows attackers to inject a malformed iframe into websites. FancyBox is used for exhibit images, HTML content and multimedia that mounts on top of Web pages. It is one of the most widely used WordPress plugins – around 600,000 times has been downloaded from the official website. According to Sucuri researchers, it’s a high risk vulnerability that allows malware to be loaded on the affected website that uses that out-dated plugin. It is in user’s interest to apply the security update on earliest basis. <more>

Adobe Flash Player out-of-band update

Adobe rolls out latest version of Flash Player 16.0.0.305 rectifying around 18 security flaws, among them a patch for 0-day exploit as well. This security update is an out-of-cycle update as Adobe normally releases security patches with Microsoft Patch Tuesday. The 0-day issue covers under CVE-2015-0313, a security flaw using an exploit kit a drop a malware on the victims machine through malvertising campaigns. Adobe advisory addresses FOUR use-after-free issues, SIX memory corruption issues, TWO type confusion issues, TWO heap buffer overflow, THREE null pointer deference and a buffer overflow. Most of the vulnerabilities allow remote execution of arbitrary code except in such cases where there is a null pointer deference that crashes the vulnerable application. Security updates are released for Windows, Linux and Macintosh OS X platforms. <more>