Zero-Day Exploit for Latest Version of Flash

UPDATE 1/22/2015: Adobe has released a partial patch for this vulnerability: KrebsonSecurity.com: Flash Patch Targets Zero Day Exploit

Adobe plans to release additional patches next week.

It is recommended that you install both the available update today, and future patches as they are released in the next week.

Adobe Flash Player Website

——–

Security researchers have discovered an new unpatched vulnerability in Adobe Flash Player that allows attackers to install malware onto a user’s computer. The malware is currently being used as part of the Angler exploit kit. When a user visits a malicious website the Angler exploit kit uses the vulnerability in Flash to install the Bedep malware. But criminals could use the exploit to install any type of malware.

To protect yourself:

Install and keep up to date your antivirus software. The NU community can get antivirus software for free.
Consider using Google Chrome to browse website that contain Flash and Flash advertisements
Disable Flash in Internet Explorer until a patch has been issued by Adobe
Install the vulnerability patch from Adobe when it becomes available.

Who is vulnerable?

Windows 8.1, IE 11 with Flash version 16.0.0.257
Windows 8, IE10 with Flash version 16.0.0.257
Windows 7, IE6-9, with Flash version 16.0.0.257
Windows XP, IE6 to 8 with Flash 16.0.0.257
Firefox version 35 with Flash version 16.0.0.257

Note: Flash Player versions up to 15.0.0.223 are also vulnerable.

Who is safe?

Google Chrome browser users.

More Information:

EXPLOIT FOR FLASH ZERO DAY APPEARS IN ANGLER EXPLOIT KIT

Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK

This entry was posted in Malware, Anti-Virus, Phishing, Scams. Bookmark the permalink. Both comments and trackbacks are currently closed.