![]() ![]() Intego VirusBarrier with up-to-date malware definitions protects Mac users against the Microsoft Silverlight exploit, detected as W32/CVE-2016-0034. The update to Microsoft Silverlight 2.0 addresses this vulnerability by correcting how Microsoft Silverlight validates decoder results. Microsoft confirmed the zero-day (CVE-2016-0034) and issued a patch on January 12, 2016. And to exploit the vulnerability, “an attacker could host a website that contains a specially crafted Silverlight application, and then convince a user to visit the compromised website,” often by enticing them to click a link in an email or instant message.Įxploit kits are typically based on a “drive-by download attack” delivery technique, and installation can start silently in the background simply by visiting a website. ![]() The remote code execution vulnerability exists when Microsoft Silverlight 5 (before 2.0) “decodes strings using a malicious decoder that can return negative offsets that cause Silverlight to replace unsafe object headers with contents provided by an attacker,” according to the Microsoft security team. ![]() The vulnerability that is being exploited is described as follows:ĬVE-2016-0034 : Microsoft Silverlight 5 before 2.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka “Silverlight Runtime Remote Code Execution Vulnerability.” This update detects the minimum bundle version for Silverlight, protecting Mac users from Microsoft Silverlight 5 before version 2.0. Malware + Security News Apple Updates XProtect to Detect Microsoft Silverlight Exploitįollowing the discovery of a Microsoft Silverlight exploit, Apple has updated its ist malware definitions file to version 2073.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |