Go Back   Steve's Digicams Forums > Misc Forums > Computers and Operating Systems

Reply
 
Thread Tools Search this Thread
Old Oct 15, 2015, 8:24 AM   #1
Administrator
 
Join Date: Jun 2003
Location: Savannah, GA (USA)
Posts: 22,378
Default Unpatched Adobe Flash Player Vulnerability

Here we go again...

Adobe just released new Flash Player versions this week to protect against a lot of vulnerabilities. See this bulletin:

https://helpx.adobe.com/content/help...apsb15-25.html

To see what flash player version you have installed in a given browser, go to this link:

http://www.adobe.com/software/flash/about/

For Windows, if you have updated to the latest version, you're probably running Adobe Flash Player 19.0.0.207

But, on the same day that Adobe released 19.0.0.207 (you probably updated to it yesterday if you're keeping plugins up to date), another critical vulnerability was confirmed by Adobe. Here's a security bulletin about it:

https://helpx.adobe.com/security/pro...apsa15-05.html

This new vulnerability is not patched yet, and Adobe is currently reporting that it will not be patched until next week.

This new vulnerability was originally reported by Trend Micro. Read more about it here:

http://blog.trendmicro.com/trendlabs...torm-campaign/

So, I'd make sure you have the latest version of Flash Player installed for starters (as a *LOT* of vulnerabilities were just patched in version 19.0.0.207)

Then, leave it disabled unless absolutely necessary for anything (making sure the flash content you're viewing is from a trusted source), since we'll probably see more criminals taking advantage of the new (and still unpatched) vulnerability found by Trend Micro.
Or, better yet, just remove Flash Player entirely and get by without it.

Another tip....

I'd suggest installing Malwarebytes Anti-Exploit Free (not the same thing as Malwarebytes Anti-Malware). It's designed to help protect against zero day browser and plugin exploits. Get it here:

https://www.malwarebytes.org/antiexploit/

Here's a video showing it in action:

https://www.youtube.com/watch?featur...&v=34rrjkRkj1s

All you need is the free version to help protect against exploits targeting your browser and plugins (including Adobe Flash Player). It uses heuristics versus signatures (it looks at web page behaviour), and has worked against a number of previous zero day exploits in flash player (before they were known about and patched). So, I keep it installed in my Windows installations.

But, there is no guarantee that it will protect you against all browser and plugin exploits (and I don't know if anyone has tested it with this new exploit either). So, I'd suggest leaving Flash Player disabled (or remove it).
JimC is offline   Reply With Quote
Sponsored Links
 
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -5. The time now is 3:12 AM.