Emergency Update Coming for Flash Vulnerability Under Attack

[RV_]

Ransomware is attacking computers through another Flash vulnerability. If you are running XP/Vista/Windows 7 you need to know to go to control panel and update from the Flash icon there when you switch the view from category, to large icons on the top right corner of Control panel. Then you can click directly on the icon and then click on the update tab and click on update.

 

Windows 8/8.1/10 have to wait for a Windows out of cycle update or next Tuesday's normal monthly update day.

 

Excerpt:

 

"Adobe will release an emergency Flash Player update as soon as Thursday, patching a critical vulnerability that is being publicly attacked.

 

Adobe said the vulnerability is in version 21.0.0.197 and earlier for Windows, Mac OS X, Linux and Chrome OS.

 

“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe said in an advisory published late this afternoon.

 

Adobe said that a mitigation introduced on March 10 in Flash 21.0.0.182 protects users against attack; users are urged to update immediately. Adobe said active attacks using CVE-2016-1019 are targeting Windows 7 and Windows XP systems running Flash 20.0.0.306 and earlier.

 

French researcher Kafeine, who publishes updates on his personal site on exploit kits, is one of three researchers credited with disclosing the bug to Adobe along with FireEye’s Genwei Jiang and Google’s Clement Lecigne.

 

Kafeine told Threatpost he would not comment before the availability of a patch."

 

The whole artic;le with hot links to related advisories is here: https://threatpost.com/emergency-update-coming-for-flash-vulnerability-under-attack/117219/

 

The original Adobe advisory is here, which is less confusing than the Threatpost article:

https://helpx.adobe.com/security/products/flash-player/apsa16-01.html

[docj]

If you're using Chrome, the patch is included in a new release of the browser. Go to Chrome/Settings/About and the browser will automatically update to the latest version.

[RV_]

I just got this in email:

 

"Dear Derek,

 

Adobe issued an emergency update to its Adobe Flash Player software today after researchers discovered a vulnerability that was being exploited to deliver ransomware (variants of Cerber ransomware). Flash has over one billion users, so odds are you are affected by this update.

 

This is exactly the type of zero-day attack Malwarebytes Anti-Exploit Premium can protect you from. So, nice work! If you're currently running Malwarebytes Anti-Malware Exploit Premium, your computer will be safe.

 

As a precaution, we suggest you update your Adobe Flash Player (Shockwave Flash Plugin). In addition, we also recommend you install Malwarebytes Anti-

Malware Premium if you haven't already. For top security, run both Malwarebytes Anti-Malware Premium and Malwarebytes Anti-Exploit Premium, as a layered approach is the best way to keep threats off your computer.

 

We'd hate to see your computer compromised. Here at Malwarebytes, we pledge to keep you protected and informed about the latest issues. Your peace of mind is our number one priority.

 

Sincerely,
The Malwarebytes Team

 

P.S. Learn more about this threat here." https://blog.malwarebytes.org/threat-analysis/exploits-threat-analysis/2016/04/botched-flash-0day-gets-patched/?utm_source=double-opt-in&utm_medium=email-internal-Adhoc&utm_campaign=EM-AdHoc&utm_content=AdHoc