That's about 40 million potential victims for the Silverlight exploit in Angler EK. The Silverlight web plugin is not installed by default but is required to view content on certain websites.Īs pointed out by Timo Hirvonen, Netflix, which has 40 million subscribers, requires Silverlight for its paid streaming video service.
If the conditions are right, a specially crafted library is triggered to exploit the Silverlight vulnerability.Īs with all exploit kits, leveraging vulnerabilities is just an intermediary step for the real motive: pushing malware to the victims' machine. Upon landing on the exploit page, the Angler exploit kit will determine if Silverlight is installed and what version is running. The screenshot below summarizes the attack (click to enlarge): The Silverlight exploit was first spotted in the Angler exploit kit by and later documented by Kafeine.
#Does netflix require silverlight on mac code
The flaw, which exists in versions prior to 5.0, allows attackers to execute arbitrary code on the affected systems without any user interaction. A vulnerability affecting Microsoft Silverlight 5 is live and infecting PCs that visit compromised or malicious websites.ĭeveloped by Microsoft, Silverlight is a framework for rich Internet applications and in many ways can be compared to Flash, although the latter has become more dominant.
0 kommentar(er)
