![]()
Adobe Flash Zero Day vulnerability is being exploited. Are you aware?
A new zero-day vulnerability has been discovered in Adobe Flash. Security researcher Kafeine reports that this vulnerability is currently being exploited in the wild. Unfortunately, we will continue to see these types of vulnerabilities exposed and targeted as cyber-attacks become more advanced. Groups are working diligently to get better at exposing vulnerabilities no matter how small or large – particularly as the work/home lines become blurrier, with employees using personal devices for work and work devices for personal use.
Sobering, this mean greater exposure and greater threats for businesses.
Here’s a few things to know about this latest vulnerability.
- The zero-day Flash Player vulnerability (CVE-2018-4878) that Adobe warned about on Thursday was leveraged by North Korean hackers. This was apparently an extremely targeted attack, and it is unlikely that anyone else is taking advantage of the exploit – for now. Still, with the vulnerability now public, it’s likely that criminals are already working on creating an exploit. Adobe has said it will address this vulnerability in a release planned for the week of Monday, Feb. 5. The issue affects Adobe Flash Player Desktop Runtime on Linux, Mac, and Windows, as well as Flash Player for Google Chrome and Microsoft Edge.
- The term zero-day refers to an unknown vulnerability or an exploit in a software program that the developer of the software is newly aware of, and has not had the time to address and patch. Zero-days are particularly troublesome because they often present an open window during which cybercriminals can operate unchallenged. Because of this, zero-days are prized by cybercriminals who have knowledge of them and are used for as long and as quietly as possible.
- In this case, the zero-day vulnerability was found in Adobe Flash, a widely distributed software application. Just as troubling, working exploits used to take advantage of this vulnerability were discovered in the Angler Exploit Kit, which is one of many tools sold on the underground market that help criminals commit cybercrime.
- According to ZDNet, successful exploitation could potentially allow an attacker to take control of the affected system. Excel spreadsheet, Active X, Adobe Flash – this exploit is a blast from the past with one of everything. According to Norton, it’s important that users remain alert to stay protected from this vulnerability, as it targets the current version of Adobe Flash, which is widely used. Symantec considers this a severe incident, as it has the potential to affect a large number of users. Testing performed by Kafeine concludes that the following products are affected: Internet Explorer versions 6 through 10; Windows XP (Internet Explorer versions 6-8); Windows 7 (Internet Explorer version 8); Windows 8 (Internet Explorer version 10);
Firefox browser.
![]()
How to protect your devices?
Patch early, patch often: Adobe is already working on potential fix to this vulnerability and we can expect to see a patch/update to Flash in the coming days. Do not delay on the fix as it will only leave you exposed that much longer.
Careful what you download! Most malicious attacks typically need some type of help from the user to get the ball rolling. Be cautious when downloading items from the web and be sure that you are downloading from a trusted site. This also includes emails – If you do not know the sender, don’t open and/or download the contents.
Be sure to keep your antivirus updated! Most antiviruses will monitor for other malicious software as well as identifying vulnerabilities. Be sure to run scans at least once a week to ensure your devices is safe. Also be sure to keep the software updated, as new definitions are constantly pushed out to address any new threats.
CompuData provides services to keep you and your company safe and secure! Need help protecting your business from vulnerabilities? Contact CompuData today!