Warning: Adobe Flash users remain at risk of Angler attack

happygeek 1 Tallied Votes 488 Views Share

Adobe Flash users have been under attack from cybercriminals again, this time courtesy of a zero day exploit kit by the name of Angler. The exploit kit has been readily available on the dark market, and hits vulnerabilities to be found in Flash Players up to 15.0.0.223, as well as the latest release.

There is some uncertainty as to who is at risk from this kit, with some sources claiming Windows 8.1 and Google Chrome users are safe, while others tell me any version of Internet Explorer used with any version of Windows is at risk if Adobe Flash player 16.0.0.287 is installed and enabled.

It's best to assume, therefore, that if you are an Adobe Flash user you are at risk. Adobe has issued an emergency patch for the Angler exploit under CVE-2015-0310 which covers vulnerabilities in the older versions, and a patch for the version 16.0.0.287 exploit should be available in the coming week.

Adobe recommends users update their product installations to the latest versions:

Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.287.

Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.262.

Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.438.

Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.287.

rubberman 1,355 Nearly a Posting Virtuoso Featured Poster

Adobe has been working on patching Flash Player to eliminate these issues. In fact, I just got an update for that on my Linux system this morning. Yes, there are vulnerabilities in any software - that is the nature of the beast - but responsible companies will attempt to deal with them as soon as they are informed of them. Yes, most could be more pro-active, but sometimes even with the best people and intentions stuff is missed that malware writers catch.

Disclaimer: I am an Adobe employee. We use Flash extensively in our work, so fixing these problems asap is in our own best interest.

pwink44 0 Newbie Poster

Davey's article relayed:
Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.438. (Actually the update now is 11.2.202.442)
Amazing how quickly info gets dated.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Yup.

Member Avatar for iamthwee
iamthwee

I am an Adobe employee. We use Flash extensively in our work, so fixing these problems asap is in our own best interest.

Wow I thought flash was done and dusted, I never realised it was still used in enterprise. Can I ask what it is you use it for?

XP78USER 30 Posting Whiz in Training

I would say that an adobe employee on this website is the best thing in my life

mkosik 0 Newbie Poster

I've tried deleting the history from material that websites have collected in adobe . But it's always been such a problem in a vulnerability. I know that when I was in hacked. Adobe was the key player . Learning how to fix my security issues. Isn't this one my major issue ? How do I fix this one ?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

What?

Slavi 94 Master Poster Featured Poster

How to fix it? #1 rule, don't install flash player, just don't ..
and if you do use flash control on your browser ..

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.