April 6, Softpedia – (International) Windows’ Pirrit adware ported to OS X via Qt Framework. Security researcher from Cybereason discovered that the OSX/Pirrit adware was infecting Apple Mac users for the first time and hijacking users’ Web traffic with several ads via the Qt Framework, which allows programmers to write applications that work on Apple Mac devices, Linux systems, and Microsoft Window devices. The malware was seen using several steps to infiltrate a system after a user launches a Pirrit-laced binary. Source.
April 6, SecurityWeek – (International) Adobe to patch actively exploited Flash zero-day. Adobe reported April 5 that it will be releasing a patch for its Flash Player 220.127.116.11 and its earlier versions April 7 which will address a zero-day vulnerability after malicious attackers were seen actively exploiting the flaws. Customers were advised to ensure their Flash Players were updated to version 18.104.22.168 or later. Source.
April 6, SecurityWeek – (International) Quanta routers plagued by many unpatched flaws. A security researcher discovered more than 20 vulnerabilities in the latest firmware version of Quanta Computer’s LTE QDH routers, and several other devices including QDH, UNE, Mobily, and YooMee 4G routers that can allow an attacker to obtain sensitive information including credentials and configuration data through several flaws including remote code execution, arbitrary file access, a denial-of-service (DoS) vulnerability, and a hardcoded Secure Shell (SSH) server key that can be used to decrypt SSH traffic going through the router. Quanta stated the vulnerabilities in the LTE QDH routers will not be patched since the routers have reached end of life (EOL). Source.