On February 4, Adobe released an out-of-band update for Adobe Flash Player. The update addresses a critical remote code execution vulnerability that is being actively exploited in the wild. The update applies to Windows, Mac OS X, and Linux.
We are currently analyzing details and indicators. Watch this space for updates, indicators, and more information about this threat.
Current McAfee product coverage and mitigation:
- McAfee Vulnerability Manager: The FSL/MVM package of February 5 includes a vulnerability check to assess if your systems are at risk.
- McAfee Application Control: Run-Time Control locks down systems and provides protection in the form of Execution Control and Memory Protection.
- McAfee Network Security Manager: The Network Security Emergency User Defined Signature (UDS) release of February 6 provides detection for this threat.
- McAfee VirusScan: The 7343 DAT Release (February 8) contains coverage for known, associated, malware. Detection names include Downloader-FJI!D8137DED710D, Trojan-FDNV!CBBFA76CD5ED, and Trojan-FDNU!26B34D3DF337.
- McAfee Web Gateway: The 7343 DAT Release (February 8) contains coverage for known, associated, malware. Detection names include Downloader-FJI!D8137DED710D, Trojan-FDNV!CBBFA76CD5ED, and Trojan-FDNU!26B34D3DF337.
References:
- Adobe: http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
- OSVDB: http://osvdb.org/show/osvdb/102849
- NVD: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0497
- McAfee: http://www.mcafee.com/us/content-release-notes/
The post Product Coverage and Mitigation for CVE-2014-0497 (Adobe Flash Player) appeared first on McAfee.