Adobe Releases Flash Security Update Due To New Exploit

Yesterday Adobe released an emergency security update for Flash Player that they had announced earlier this week. This update was released ahead of the next Update Tuesday since the Magnitude Exploit kit (defined) is exploiting a zero-day vulnerability (defined) in order to infect devices/systems with ransomware (defined), specifically the Cerber and Locky variants.

The update addresses 24 critical security vulnerabilities (more formally known as CVEs (defined)), one of which (as mentioned above) is currently being exploited and has been since at least the 31st of March according to the security firm Proofpoint.

Update: 13th April 2016:

Microsoft has issued their security update for users of Windows 8.1 (Internet Explorer) and Windows 10 (Microsoft Edge and Internet Explorer). Further details are available in their security bulletin.

Thank you.

(Please see update above): At the time of writing Microsoft had not yet made available the relevant updates for Microsoft Edge or Internet Explorer. They now deliver these updates by releasing a separate security bulletin. The full list of security bulletins is available from this page. Google reacted quickly, releasing version 49.0.2623.112 of Chrome, which includes the updated Flash Player v21.0.0.213.

Flash Player updates for Linux, Apple Mac OS X and Windows are available from this link (which can be used if you don’t have automatic updating enabled or simply wish to install the update as soon as possible). As explained by Sophos, the automatic updater of Flash Player updates systems in phases in order to avoid too much congestion on Adobe’s servers.

As always, if you have Flash Player installed, I would recommend installing the necessary update as soon as possible. You can check if you have Flash Player installed using this page.

In addition, please follow my recommendation to enable the ASR mitigation of Microsoft EMET as detailed in this post. This mitigates the exploitation of Flash-based vulnerabilities in applications that can open Microsoft Office documents and/or Adobe PDF files.

Thank you.
