Adobe Flash Player Update Warning Message

dsimpson · June 22, 2015

I am starting to get popup windows reminding me that it is time to update my Adobe Flash Player. When I started the process, I got a warning message telling me that the website "get3adobe.com" is not a secure connection and gave me the choice to continue or cancel. Anyone else seen this warning? I am using the Firefox browser.

DJW · June 22, 2015

Doug

I would go to the official adobe web page for all upgrades. I would not go to that web site. You are looking for trouble if you log onto that site.

Dennis

RV_ · June 22, 2015

Guys,

Nooooo that is a malware phishing attempt. Try this and so it everyone that want to stay safe. Go to control panel. In the upper right corner it has a clickable "View by: Category" Click on it and change it to either large or small icons. Don't worry you can click on category anytime to change back. Now look for Flash and open it. There are tabs across the top of the Flash page that opens. Click on updates and it will bring you to the correct Adobe Flash update page not a malware website.

Even if you are sure that the pop up is real, better to do it through control panel anyway for Windows 7 and Vista. For Windows 8/8.1, it is embedded into IE and since I don't use FF I have no idea if the Control panel updates it for FF too.

Click here for info if one uses IE as I do for info on why you need do nothing for Flash updates: https://helpx.adobe.com/flash-player/kb/flash-player-issues-windows-8.html

The official Flash page is here: http://www.adobe.com/products/flashplayer.html Click on the menu at the top of the page, and clicjk on Flash at the bottom of that drop down sub menu. Bookmark the webpage for next time.

dsimpson · June 22, 2015

Thanks, guys. I will follow your advice

RV_ · June 23, 2015

Do it again as they just released an emergency patch today!

Except:

"Adobe today released an out-of-band patch for a Flash Player zero-day vulnerability being used in targeted attacks by an APT gang known for its storehouse of exploits targeting unpatched browser-based vulnerabilities.

The group, named by FireEye as APT3 and responsible for the so-called Clandestine Fox operation, has been exploiting the latest Flash zero day since early this month via phishing emails targeting aerospace and defense, construction and engineering, high tech, telecommunications, transportation organizations.

For victims that have been exploited, they are fast to move,” Oppenheim said. “If you’ve already been exploited, they are already moving along with lateral movement in the network, grabbing credentials and dropping more backdoors.”

APT3, Oppenheim said, targets intellectual property, in particular industrial types of information and documents from compromised systems. The use of spam-like phishing emails—most of the current campaign is using messaging related to discounted Apple devices—allows APT3 to target multiple people in the organization. The emails contain links to attacker-controlled websites where the Flash exploit is downloaded quietly onto a victim’s machine, as is the backdoor for moving data and dropping additional malware.

“With that, it only takes one person to click on the link to get access to the network,” Oppenheim said. “Unfortunately, there are still users who fall for this stuff.”

A report published today by FireEye explains that once a victim clicks on the link, they are redirected to a compromised server hosting JavaScript profiling scripts. Once the host is profiled, the malicious Flash file is downloaded. The Flash exploit, FireEye said, exploits the way Flash parses Flash Video files (FLV). The exploit bypasses memory-based protections such as address space layout randomization (ASLR), and it also uses return-oriented programming (ROP) to bypass data execution prevention (DEP).

“A neat trick to their ROP technique makes it simpler to exploit and will evade some ROP detection techniques,” FireEye explained in its report. “Shellcode is stored in the packed Flash exploit file alongside a key used for its decryption. The payload is xor encoded and hidden inside an image.”

MOre in the article here: https://threatpost.com/emergency-adobe-flash-patch-fixes-zero-day-under-attack/113434