Endpoint Protection

 View Only

New Flash zero-day exploited by attackers in the wild 

Apr 06, 2016 11:19 AM

Zero-day-new01.jpg

Adobe has said it will soon issue an update for Flash Player, following the discovery of a critical vulnerability that is being exploited in the wild.

The vulnerability (CVE-2016-1019) affects Adobe Flash Player versions 21.0.0.197 and earlier for the following operating systems:

  • Windows
  • Mac OS X
  • Linux
  • Chrome OS

Adobe said exploitation of the vulnerability could cause a crash and potentially allow an attacker to take control of the affected computer.

There are reports that the vulnerability is already being exploited in the wild on computers running Windows 7 and Windows XP with Flash Player versions 20.0.0.306 and earlier.

While the forthcoming update will fully patch the vulnerability, Adobe said that mitigation introduced in Flash Player 21.0.0.182 currently prevents exploitation of this flaw.

Mitigation advice
Flash Player users are advised to immediately update to the current version. Since this vulnerability is already being exploited in the wild, users should make updating this software a priority.

Users who are concerned about this issue can temporarily disable Adobe Flash in the browser by taking the following steps:

Internet Explorer versions 10 and 11

  1. Open Internet Explorer
  2. Click on the Tools menu, and then click Manage add-ons
  3. Under “Show”, select All add-ons
  4. Select Shockwave Flash Object and then click on the Disable button

You can re-enable Adobe Flash by repeating the same process, selecting Shockwave Flash Object, and clicking on the Enable button.

Guidance for users of earlier versions of Internet Explorer is available on the Microsoft website; select the version of Internet Explorer you are using at the top right corner.

Firefox

  1. Open Firefox
  2. Open the browser menu and click Add-ons
  3. Select the Plugins tab
  4. Select Shockwave Flash and click Disable

You can re-enable Flash by repeating the same process, selecting Shockwave Flash, and then clicking on the Enable button.

Chrome

  1. Open Chrome
  2. Enter chrome://plugins/ in the address bar and hit the Enter key
  3. Click the Disable link under the Adobe Flash Player plugin

You can re-enable Flash by repeating the same process and clicking the Enable link.

Protection

Antivirus:

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Related Entries and Links

No Related Resource entered.