{"id":11347,"date":"2018-02-02T07:17:30","date_gmt":"2018-02-02T15:17:30","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/02\/02\/news-5118\/"},"modified":"2018-02-02T07:17:30","modified_gmt":"2018-02-02T15:17:30","slug":"news-5118","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/02\/02\/news-5118\/","title":{"rendered":"Attackers Exploiting Unpatched Flaw in Flash"},"content":{"rendered":"

Credit to Author: BrianKrebs| Date: Fri, 02 Feb 2018 14:21:06 +0000<\/strong><\/p>\n

Adobe<\/strong> warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player<\/strong> software to break into Microsoft Windows<\/strong> computers. Adobe said it plans to issue a fix for the flaw in the next few days, but now might be a good time to check your exposure to this still-ubiquitous program and harden your defenses.<\/p>\n

\"\"Adobe said a\u00a0critical vulnerability (CVE-2018-4878<\/strong>) exists in Adobe Flash Player 28.0.0.137<\/em>\u00a0and earlier versions. Successful exploitation could allow an attacker to take control of the affected system.<\/p>\n

The software company warns that an exploit for the flaw is being used in the wild, and that so far the attacks leverage Microsoft Office<\/strong> documents with embedded malicious Flash content.\u00a0Adobe said it plans to address this vulnerability in a release planned for the week of\u00a0February 5.<\/p>\n

According to Adobe’s advisory<\/a>, beginning with Flash Player 27, administrators have the ability to change Flash Player’s behavior when running on Internet Explorer on Windows 7 and below by prompting the user before playing Flash content. A guide on how to do that is here<\/a>\u00a0(PDF).\u00a0Administrators may also consider implementing\u00a0Protected View for Office<\/a>. Protected View opens a file marked as potentially unsafe in Read-only mode.<\/span><\/p>\n

<\/span><\/p>\n

Hopefully, most readers here have taken my longstanding advice to disable or at least hobble Flash, a buggy and insecure component that nonetheless ships by default with Google Chrome<\/strong> and Internet Explorer<\/strong>. More on that approach (as well as slightly less radical\u00a0solutions) can be found in\u00a0A Month Without Adobe Flash Player<\/a>. The short\u00a0version is that you\u00a0can probably get by without Flash installed and not miss it at all.<\/p>\n

For readers still unwilling to cut the Flash cord, there are half-measures that work almost as well. Fortunately,\u00a0disabling Flash in Chrome<\/a>\u00a0is simple enough. Paste \u201cchrome:\/\/settings\/content<\/a>\u201d into a Chrome browser bar and then select \u201cFlash\u201d from the list of items. By default it should be set to \u201cAsk first\u201d before running Flash, although users also can disable Flash entirely here or whitelist and blacklist specific sites.<\/p>\n

By default, Mozilla Firefox<\/strong> on Windows computers with Flash installed runs Flash in a “protected mode<\/a>,” which prompts the user to decide if they want to enable the plugin before Flash content runs on a Web site.<\/p>\n

Another, perhaps less elegant, alternative to wholesale kicking Flash to the curb is to keeping it installed in a browser that you don\u2019t normally use, and then only using that browser on sites that require Flash.<\/p>\n

https:\/\/krebsonsecurity.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: BrianKrebs| Date: Fri, 02 Feb 2018 14:21:06 +0000<\/strong><\/p>\n

Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers. Adobe said it plans to issue a fix for the flaw in the next few days, but now might be a good time to check your exposure to this still-ubiquitous program and harden your defenses. Adobe said a\u00a0critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137\u00a0and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10642],"tags":[17393,17394,11427,10829,16888,17395,17396,17397,17061],"class_list":["post-11347","post","type-post","status-publish","format-standard","hentry","category-independent","category-krebs","tag-cve-2018-4878","tag-flash-player-zero-day","tag-google-chrome","tag-internet-explorer","tag-latest-warnings","tag-mozilla-firefox","tag-protected-mode","tag-protected-view-for-office","tag-the-coming-storm"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11347","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11347"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11347\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11347"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11347"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11347"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}