Flash Player 0-Day Vulnerability Yet to be Patched

Learn all about the latest 0-Day Flash Player Vulnerability. By following this practical advice, you can improve your chances of staying protected.

An overview

Adobe recently released a security update for Flash Player that fixes the vulnerability exploited in the attacks. Adobe investigated the threat and reported that an exploit has been developed which gets around the latest update.

Kafeine, a security researcher, described in a blog post the Flash vulnerability found in exploit kits. These kits are automated software tools; the exploit packs help hacked sites to send out the malicious code. Kafeine's blog disclosed the Angler Exploit Kit, a popular crime-ware package that targets Flash Player vulnerabilities. It adapts its behaviour according to the version of Internet Explorer it detects on a Windows system.

The Flash Vulnerability

The vulnerability also exists in the Linux and Mac versions of Flash Player; however, the attackers targeted Windows and Internet Explorer users as well. Flash users must update the player as soon as possible. It is possible that the update might not fix all the holes in Flash.

An Adobe patch was developed to address the exploited Flash vulnerability; however, it doesn't address another active vulnerability in Flash.

Although the exploit, known as CVE-2015-0310, was downgraded, it was still used in the attacks related to the previous versions of Flash. The earlier versions of Chrome are also safe to use. Internet Explorer 10, IE11 and Firefox were supposed to update automatically to the latest versions of Flash. As for Google Chrome, its latest version is 40.0.2214.91, and it currently runs Flash version 16.0.0.257.

Internet Explorer users would need to apply the patch twice: for instance, once for IE and once for any alternative browser such as Opera or Firefox.

A word about dynamic website content

Since many websites rely on Flash Player to display dynamic content, it would be easier if such sites opted to use only HTML5 to load multimedia. Click to play is one option for limiting Flash content in the browser rather than letting it render automatically.

An example of Flash click to play.


At the same time, it's impractical for most web users to remove Flash Player completely, except for Internet Explorer, which usually blocks Flash from rendering its content. The click to play feature is often preferred by many users. It allows users to see the blocked content with a single click on the box. This will enable the Flash content, but bear in mind that the click to play feature will also block JavaScript from loading.

Stay updated

It is important to keep Flash Player updated to avoid being a potential target of attack. The latest versions of Flash are available, but be cautious of the unwanted add-ons that come with the Flash Player downloads. If you un-check the pre-checked box before downloading Flash Player, the add-on will not be included in the download.

For more ways to secure your data and systems, contact your local IT professionals.



Why it's important to update Flash

Flash is common enough to be a prime target for malware. A new Adobe Flash exploit has been found that allows criminals to run malicious code.

Flash is susceptible to tampered versions of the files used to display multimedia, videos and animations while you are browsing the internet. This mainly affects desktops; it's not an issue with servers, since servers are less likely to have users on them browsing the internet.

Understanding the new Adobe Flash vulnerability

  • Taking a closer look at how infections spread through Adobe Flash, the risk usually lies in a binary browser vulnerability within the .SWF files, where the file is dropped by an undisclosed iframe.
  • An iframe is an inline frame. Back in the 90s, Microsoft came up with the idea for basic webpages to point to another page. This allowed a website to combine the content of its page with another. An iframe allows you to embed one site into another one seamlessly, with two different webpages displaying as one. Sounded like a great idea at the time, right?
  • It initially worked very well for Internet Explorer. What wasn’t foreseen was malware authors exploiting these iframe features.
  • This exploit affects only Internet Explorer users, which is why we urge everyone to use a more secure browser such as Firefox or Chrome. 

What does this Malware vulnerability do?

  • The injected iframe may have something subtly embedded such as a single pixel within the SWF file.
  • It's high risk to Internet Explorer users, where the iframe can be identified by its negative absolute positioning and random number approach.
  • The usual behaviour from these types of files will eventually take you to a currently black-listed blank domain.
  • This, of course, could change at any time. It could pose as a spoof site, aiming to steal data or to install malware.
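
As an added illustration (not code from the original article), the sketch below audits a page's HTML for iframes showing the traits listed above: negative absolute positioning and single-pixel size. The sample markup, the `.example` domains and the offsets are constructed, and the class and function names are hypothetical.

```python
import re
from html.parser import HTMLParser

# Heuristics based on the traits described above (assumed thresholds):
# frames pushed off-screen with negative offsets, and single-pixel frames.
ABSOLUTE = re.compile(r"(?:^|;)\s*position\s*:\s*(absolute|fixed)", re.I)
NEG_OFFSET = re.compile(r"(?:^|;)\s*(top|left|right|bottom)\s*:\s*-\d", re.I)
CSS_SIZE = re.compile(
    r"(?:^|;)\s*(width|height)\s*:\s*([0-9.]+)\s*(?:px)?\s*(?=;|$)", re.I)

class IframeAuditor(HTMLParser):
    """Collects (src, reasons) for iframes that look deliberately hidden."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "")
        reasons = []
        if ABSOLUTE.search(style) and NEG_OFFSET.search(style):
            reasons.append("negative absolute positioning")
        # Size can come from HTML attributes or from inline CSS.
        sizes = [a.get("width", ""), a.get("height", "")]
        sizes += [m.group(2) for m in CSS_SIZE.finditer(style)]
        if any(s.strip().isdigit() and int(s) <= 1 for s in sizes):
            reasons.append("single-pixel or zero size")
        if reasons:
            self.findings.append((a.get("src", ""), reasons))

def audit_html(html):
    """Return a list of (src, [reasons]) for suspicious iframes in html."""
    auditor = IframeAuditor()
    auditor.feed(html)
    return auditor.findings

# Constructed sample page: one normal embed, two hidden frames.
SAMPLE = """<html><body>
<iframe src="https://video.example/embed/42" width="560" height="315"></iframe>
<iframe src="http://blocked.example/a.swf" width="300" height="300"
        style="position:absolute;left:-3842px;top:-1290px"></iframe>
<iframe src="http://blocked.example/p" width="1" height="1"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, reasons in audit_html(SAMPLE):
        print(src, "->", ", ".join(reasons))
```

A hit is a reason to inspect the page source, not proof of compromise, since some legitimate widgets also hide frames.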

How to protect yourself

The solution is simple: stay on top of your Adobe Flash updates. This is very important, especially if you use your web browser for online gaming, streaming music, or watching videos and animations, such as on YouTube, which nearly always uses Adobe Flash Player. By keeping up to date with the latest Adobe updates, you'll help to close down the vulnerabilities discussed above, and more.


It’s good news if your choice of browser is Google Chrome. Chrome automatically updates your browser to the latest version of Adobe Flash.

All Onsite PC Solution Managed Services clients are automatically protected during their monthly maintenance.

To learn how to update Adobe Flash, please see our article here (https://www.ophtek.com/should-you-update-adobe-flash/).

 



Why it's important to update Adobe Flash

Adobe Flash Player is an indispensable part of web browsing. Whether you're watching YouTube videos, gaming online, or streaming videos, Adobe Flash will likely be necessary, so be sure to keep it secure.

What is Adobe Flash?

According to Wikipedia:

Adobe Flash (formerly called Macromedia Flash and Shockwave Flash) is a multimedia and software platform used for creating vector graphics, animation, games and rich Internet applications (RIAs) that can be viewed, played and executed in Adobe Flash Player.

In other words, when you view multimedia through your web browser such as videos, music or animations, there is a good chance that it is using Adobe Flash.

What’s the risk?

The increased functionality Flash Player gives you also comes with risks. Flash Player gives criminals almost as many opportunities to compromise your system as Java. If these risks are not addressed, you could be subject to exploits such as one that allows attackers to mimic a website to obtain your confidential information or even cause a denial of service by corrupting your memory.

Keeping your Flash Player updated to the latest version is the best way to plug the security holes that jeopardize your system. Fortunately, if you browse the web with Google Chrome, your Flash Player is automatically updated.

How to update Adobe Flash player

1.) Go to Adobe's website to check if you have the latest Flash Player installed.

Click Check Now to see if you have the current version. If you do, congratulations. If you don't…

2.) Go to the download link in step 2.


Click Download now to download the file. Before doing this, make sure NO extra programs are checked for you to download. Frequently, this will be McAfee as shown below:


Immediately uncheck the box next to Yes, install McAfee Security Scan Plus. You do NOT need this program, and it will make Windows run slower if you already have an antivirus program running.

3.) Follow the installation instructions on the download page.

4.) Enable Flash Player on your browser. The links for the instructions for each browser can be found on Adobe’s website.

5.) Verify if Flash Player is installed by checking the animation on Adobe’s website. If you see clouds moving, you have installed the player. If you don’t, try refreshing the page. If that still fails to produce moving clouds, go through the installation steps again.

For more information on this or other security issues affecting your PC, consult your local IT professional.
