Flash Player 0-Day Vulnerability Yet to be Patched

Learn all about the latest 0-Day Flash Player Vulnerability. By following this practical advice, you can improve your chances of staying protected.

An overview

Adobe has recently released a security update for Flash Player that fixes a vulnerability exploited in the attacks. Adobe investigated the threat and reported that an exploit has been developed that gets around the latest update.

Kafeine, a security researcher, wrote a blog post about the Flash vulnerability found in exploit kits. These kits are automated software tools. The exploit packs help hacked sites deliver the malicious code. Kafeine's blog disclosed the Angler Exploit Kit, a popular crimeware package that targets Flash Player vulnerabilities. It adapts its behavior according to the version of Internet Explorer it detects on a Windows system.

The Flash Vulnerability

The vulnerability also exists in the Linux and Mac versions of Flash Player; however, the attackers targeted Windows and Internet Explorer users as well. Flash users must update the player as soon as possible. It is possible that the update might not fix all the holes in Flash.

An Adobe patch was developed to address the exploited Flash vulnerability; however, it doesn't address another active vulnerability in Flash.

Although the exploit, known as CVE-2015-0310, was downgraded, it was still used in the attacks related to the previous versions of Flash. The earlier versions of Chrome are also safe to use. Internet Explorer 10, IE11 and Firefox were supposed to update automatically to the latest versions of Flash. As for Google Chrome, its latest version is 40.0.2214.91, and it currently runs Flash version 16.0.0.257.

Internet Explorer users would need to apply the patch twice: for instance, once for IE and once for any alternative browser such as Opera or Firefox.

A word about dynamic website content

Since many websites rely on Flash Player to display dynamic content, it would be easier if such sites opted to use only HTML5 to load multimedia. Click to play is one option for stopping Flash content in the browser from rendering automatically.

An example of Flash click to play.

At the same time, it's impractical for most web users to remove Flash Player completely, except for Internet Explorer, which usually blocks Flash from rendering its content. The click to play feature is often preferred by many users. It allows users to see the blocked content with a single click on the placeholder boxes. This enables the Flash content, but bear in mind that the click to play feature will also block JavaScript from loading.

Stay updated

It is important to keep Flash Player updated to avoid being a potential target of attack. The latest versions of Flash are available, but be cautious of the unwanted add-ons that come with the Flash Player downloads. If you uncheck the pre-checked box before downloading Flash Player, the potential add-on will not be included in the download.

For more ways to secure your data and systems, contact your local IT professionals.