[FSec] Low Hanging Fruit: Flash Player

Nachrichtenbote
Flash Player version 16.0.0.296 is now available.

Flash_16_0_0_296.png


In Windows, you can check what version you have installed via Flash's Control Panel applet.

Flash_Player_16.0.0.296.png


According to Adobe Security Bulletin APSA15-01, users who have enabled auto-update will have received the update starting on January 24th. Manual downloaders needed to wait a couple of days.

Adobe_Bulletin_CVE-2015-0311.png


We're not exactly sure why manual downloads were delayed, but whatever the reason, auto-updates are recommended.

And we'd go further than that: at this point, we recommend enabling "click-to-play" options. Here's an example from Firefox with "Ask to Activate" configured.

Firefox_Flash_Ask_to_Activate.png


Google Chrome also offers options in its "advanced" settings.

Why do we recommend click-to-play? Because Flash Player is currently the application most aggressively targeted by exploit kits.

Here are some stats from last week, from which you can see that Angler, which was targeting a Flash Player 0-day vulnerability, was leading the exploit kit market.

Finland:

ExploitKits_Jan2015_FI.png


Germany:

ExploitKits_Jan2015_DE.png


United Kingdom:

ExploitKits_Jan2015_UK.png


And Angler was number one in several other regions as well.

So, update your Flash Player, set it to auto-update, and configure click-to-play.
On 27/01/15 At 05:13 PM
