||LinkBack||Thread Tools||Search this Thread|
|Oct 15, 2015, 9:24 AM||#1|
Join Date: Jun 2003
Location: Savannah, GA (USA)
Unpatched Adobe Flash Player Vulnerability
Here we go again...
Adobe just released new Flash Player versions this week to protect against a lot of vulnerabilities. See this bulletin:
To see what flash player version you have installed in a given browser, go to this link:
For Windows, if you have updated to the latest version, you're probably running Adobe Flash Player 184.108.40.206
But, on the same day that Adobe released 220.127.116.11 (you probably updated to it yesterday if you're keeping plugins up to date), another critical vulnerability was confirmed by Adobe. Here's a security bulletin about it:
This new vulnerability is not patched yet, and Adobe is currently reporting that it will not be patched until next week.
This new vulnerability was originally reported by Trend Micro. Read more about it here:
So, I'd make sure you have the latest version of Flash Player installed for starters (as a *LOT* of vulnerabilities were just patched in version 18.104.22.168)
Then, leave it disabled unless absolutely necessary for anything (making sure the flash content you're viewing is from a trusted source), since we'll probably see more criminals taking advantage of the new (and still unpatched) vulnerability found by Trend Micro.
Or, better yet, just remove Flash Player entirely and get by without it.
I'd suggest installing Malwarebytes Anti-Exploit Free (not the same thing as Malwarebytes Anti-Malware). It's designed to help protect against zero day browser and plugin exploits. Get it here:
Here's a video showing it in action:
All you need is the free version to help protect against exploits targeting your browser and plugins (including Adobe Flash Player). It uses heuristics versus signatures (it looks at web page behaviour), and has worked against a number of previous zero day exploits in flash player (before they were known about and patched). So, I keep it installed in my Windows installations.
But, there is no guarantee that it will protect you against all browser and plugin exploits (and I don't know if anyone has tested it with this new exploit either). So, I'd suggest leaving Flash Player disabled (or remove it).
|Thread Tools||Search this Thread|