{"id":12509,"date":"2018-06-07T10:17:11","date_gmt":"2018-06-07T18:17:11","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/06\/07\/news-6278\/"},"modified":"2018-06-07T10:17:11","modified_gmt":"2018-06-07T18:17:11","slug":"news-6278","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/06\/07\/news-6278\/","title":{"rendered":"Adobe Patches Zero-Day Flash Flaw"},"content":{"rendered":"

Credit to Author: BrianKrebs| Date: Thu, 07 Jun 2018 16:37:50 +0000<\/strong><\/p>\n

Adobe<\/strong> has released an emergency update to address a critical security hole in its Flash Player<\/strong> browser plugin that is being actively exploited to deploy malicious software. If you’ve got Flash installed — and if you’re using Google Chrome<\/strong> or a recent version of Microsoft Windows<\/strong> you do — it’s time once again to make sure your copy of Flash is either patched, hobbled or removed.<\/p>\n

\"\"In an advisory<\/a> published today, Adobe said it is aware of a report that an exploit for the previously unknown Flash flaw — CVE-2018-5002<\/strong> — exists in the wild, and “is being used in limited, targeted attacks against Windows users. These attacks leverage Microsoft Office<\/strong> documents with embedded malicious Flash Player content distributed via email.”<\/p>\n

The vulnerable versions of Flash include v. 29.0.0.171<\/em> and earlier. The version of Flash released today brings the program to v. 30.0.0.113<\/em> for Windows, Mac<\/strong>, Linux<\/strong> and Chrome OS<\/strong>. Check out this link<\/a> to detect the presence of Flash in your browser and the version number installed.<\/p>\n

Both\u00a0Internet Explorer<\/strong>\/Edge<\/strong> on Windows 10<\/strong>\u00a0and Chrome should automatically prompt users to update Flash when newer versions are available. At the moment, however, I can’t see any signs yet that either Microsoft or Google has pushed out new updates to address the Flash flaw. I’ll update this post if that changes.<\/p>\n

Adobe credits Chinese security firm Qihoo 360<\/strong> with reporting the zero-day Flash flaw. Qihoo said in a blog post<\/a> that the exploit was seen being used to target individuals and companies in Doha, Qatar, and is believed to be related to a nation-state backed cyber-espionage campaign that uses booby-trapped Office documents to deploy malware.<\/p>\n

In February 2018, Adobe patched another zero-day Flash flaw<\/a> that was tied to cyber espionage attacks launched by North Korean hackers<\/a>.<\/span><\/p>\n

Hopefully, most readers here have taken my longstanding advice to disable or at least hobble Flash, a buggy and insecure component that nonetheless ships by default with\u00a0Google Chrome<\/strong>\u00a0and\u00a0Internet Explorer<\/strong>. More on that approach (as well as slightly less radical\u00a0solutions) can be found in\u00a0A Month Without Adobe Flash Player<\/a>. The short\u00a0version is that you\u00a0can probably get by without Flash installed and not miss it at all.<\/p>\n

For readers still unwilling to cut the Flash cord, there are half-measures that work almost as well. Fortunately,\u00a0disabling Flash in Chrome<\/a>\u00a0is simple enough. Paste \u201cchrome:\/\/settings\/content<\/a>\u201d into a Chrome browser bar and then select \u201cFlash\u201d from the list of items. By default it should be set to \u201cAsk first\u201d before running Flash, although users also can disable Flash entirely here or whitelist\/blacklist specific sites.<\/p>\n

By default,\u00a0Mozilla Firefox<\/strong>\u00a0on Windows computers with Flash installed runs Flash in a \u201cprotected mode<\/a>,\u201d which prompts the user to decide if they want to enable the plugin before Flash content runs on a Web site.<\/p>\n

Another, perhaps less elegant, alternative to wholesale kicking Flash to the curb is to keeping it installed in a browser that you don\u2019t normally use, and then only using that browser on sites that require Flash.<\/p>\n

Administrators have the ability to change Flash Player\u2019s behavior when running on Internet Explorer on Windows 7<\/strong> and below by prompting the user before playing Flash content. A guide on how to do that is\u00a0here<\/a>\u00a0(PDF).\u00a0Administrators may also consider implementing\u00a0Protected View for Office<\/a>. Protected View opens a file marked as potentially unsafe in Read-only mode.<\/p>\n

https:\/\/krebsonsecurity.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: BrianKrebs| Date: Thu, 07 Jun 2018 16:37:50 +0000<\/strong><\/p>\n

Adobe has released an emergency update to address a critical security hole in its Flash Player browser plugin that is being actively exploited to deploy malicious software. If you’ve got Flash installed — and if you’re using Google Chrome or a recent version of Microsoft Windows you do — it’s time once again to make sure your copy of Flash is either patched, hobbled or removed.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10642],"tags":[18664,18665,18666,18335,18667,16936],"class_list":["post-12509","post","type-post","status-publish","format-standard","hentry","category-independent","category-krebs","tag-adobe-flash-player-zero-day","tag-cve-2018-5002","tag-flash-30-0-0-113","tag-flash-player-29-0-0-171","tag-qihoo-360","tag-time-to-patch"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12509","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=12509"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12509\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=12509"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=12509"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=12509"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}