Watch Your Plugins: Silverlight at Risk

November 15, 2013 | By Admin
As if we needed it, we have more proof that the black hats never rest. An already notorious exploit kit has been “improved” as a weapon against innocent web users.There is a very active and lucrative market for exploit kits, tools for developing malware and exploiting vulnerabilities in software. Some of the participants in the market are doing legitimate work, identifying vulnerabilities for the purpose of warning potential hacking victims and developing counter measures.

Others have nefarious goals, such as the group that developed the notorious Angler exploit kit, designed as a web based attack tool.Angler is well known for targeting programs run in a web browser, including Adobe reader, Adobe Flash player, and the Java environment. Java has had a series of serious vulnerabilities over the past few years and may be the most serious concern. Recently the kit has been updated for a vulnerability found in Microsoft Silverlight plugin which can be used to exploit the security system and breach into user’s computers and gain control.

By using an exploit found in Silverlight 5 and earlier, the angler kit will allow remote executions. Silverlight is a service used for web animation, similar to Adobe Flash. The plugin is being used by more than 40 million people in USA alone, so the impact of this threat is high. Users are advised to take better Internet security measures and safeguard themselves against such attacks. A fix/patch is already released and all that needs to be done is an update.

Be Sociable, Share!

    Add new comment

    Your name
    Comment

    You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>