Jump to content

Adobe Flash Zero Day Found in the Wild


Corrine
 Share

Recommended Posts

New Adobe Flash Zero-Day found in the Wild | Malwarebytes Unpacked

Security researcher Kafeine has discovered a Zero-Day in Adobe Flash Player distributed through the Angler Exploit Kit.

 

The information by Kafeine is at Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK | Malware don't need Coffee.

  • Like 1
Link to comment
Share on other sites

Adobe has released security updates for Adobe Flash Player 16.0.0.257 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.425 and earlier versions for Linux. This update address the above-referenced Zero-Day. See follow-up post!

 

It is strongly advised that the update be applied as soon as possible.

Link to comment
Share on other sites

Correction: From Threatpost, Adobe Patches One Zero Day in Flash, Still Investigating Separate Vulnerability:

 

"The vulnerability that Adobe patched Thursday is under active attack, but Adobe officials said that this flaw is not the one that security researcher Kafeine said Wednesday was being used in the Angler attacks."

The Threatpost article further indicated that there is no indication from Adobe officials that an update is in the works for the Angler zero-day vulnerability.

 

Link to comment
Share on other sites

Adobe gets second Flash zero-day patch ready 2 days early! | Naked Security

 

If you have Flash Player set to auto-update, you'll receive the update automatically. Otherwise, the stand-alone installer for version 16.0.0.296 will be available for manual download during the week of January 26.

 

Do the following to set Flash Player to auto-update:

 

Windows: click Start > Settings > Control Panel > Flash Player

Macintosh: System Preferences (under Other) click Flash Player

Linux Gnome: System > Preferences > Adobe Flash Player

Linux KDE: System Settings > Adobe Flash Player

 

Adobe Security Bulletin

  • Like 2
Link to comment
Share on other sites

The direct download links are now available:

 

Non-IE Plugin (Opera, Firefox, Etc.): http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_16_plugin.exe

Flash Player For Internet Explorer, Windows 7 and earlier: http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_16_active_x.exe

 

  • Like 3
Link to comment
Share on other sites

Interesting--after running the download from the link Corrine supplied I find that Flash on Win7 reports a higher version than Adobe is saying is current on their check-Flash-version webpage. :whistling: We're nothing if not cutting edge here at SNLF.

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...