1

Adobe Flash users have been under attack from cybercriminals again, this time courtesy of a zero day exploit kit by the name of Angler. The exploit kit has been readily available on the dark market, and hits vulnerabilities to be found in Flash Players up to 15.0.0.223, as well as the latest release.

There is some uncertainty as to who is at risk from this kit, with some sources claiming Windows 8.1 and Google Chrome users are safe, while others tell me any version of Internet Explorer used with any version of Windows is at risk if Adobe Flash player 16.0.0.287 is installed and enabled.

It's best to assume, therefore, that if you are an Adobe Flash user you are at risk. Adobe has issued an emergency patch for the Angler exploit under CVE-2015-0310 which covers vulnerabilities in the older versions, and a patch for the version 16.0.0.287 exploit should be available in the coming week.

Adobe recommends users update their product installations to the latest versions:

Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.287.

Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.262.

Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.438.

Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.287.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

7
Contributors
8
Replies
59
Views
2 Years
Discussion Span
Last Post by Slavi
1

Adobe has been working on patching Flash Player to eliminate these issues. In fact, I just got an update for that on my Linux system this morning. Yes, there are vulnerabilities in any software - that is the nature of the beast - but responsible companies will attempt to deal with them as soon as they are informed of them. Yes, most could be more pro-active, but sometimes even with the best people and intentions stuff is missed that malware writers catch.

Disclaimer: I am an Adobe employee. We use Flash extensively in our work, so fixing these problems asap is in our own best interest.

Edited by rubberman

1

Davey's article relayed:
Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.438. (Actually the update now is 11.2.202.442)
Amazing how quickly info gets dated.

0

I am an Adobe employee. We use Flash extensively in our work, so fixing these problems asap is in our own best interest.

Wow I thought flash was done and dusted, I never realised it was still used in enterprise. Can I ask what it is you use it for?

0

I've tried deleting the history from material that websites have collected in adobe . But it's always been such a problem in a vulnerability. I know that when I was in hacked. Adobe was the key player . Learning how to fix my security issues. Isn't this one my major issue ? How do I fix this one ?

0

How to fix it? #1 rule, don't install flash player, just don't ..
and if you do use flash control on your browser ..

Edited by Slavi

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.