
Patch warning: Exploit kit already takes advantage of Flash vulnerability

When it comes to patching software, Adobe Flash fixes may not be the highest priority for some organizations. The latest one, however, should be.

According to reports, a zero-day attack leveraging the latest Flash vulnerability on Windows 7 systems and below is already in one exploit kit, meaning the patch — issued June 23 — should be at the top of every CISO’s work list.

According to a blog post from a security researcher called Kafeine, the Magnitude kit is being used to implant a number of pieces of malware, including the Cryptowall ransomware.

Adobe said the patch, for Windows, Macintosh and Linux systems, addresses a critical vulnerability (CVE-2015-3113) that could potentially allow an attacker to take control of the affected system. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets.

On Windows systems, the latest version of Flash desktop is 18.0.0.194. Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.296. Adobe Flash Player installed with Google Chrome and Adobe Flash Player installed with Internet Explorer on Windows 8.x will automatically update to version 18.0.0.194.
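To turn the version numbers above into a patch-compliance check, the following added example (not from the article or from Adobe) audits a Windows software-inventory export against the two fixed releases. The CSV column names and hostnames are constructed, and treating major version 13 as the Extended Support Release track is an assumption.

```python
import csv
import io

# Fixed releases named in the article (Windows).
FIXED_MAINLINE = (18, 0, 0, 194)
FIXED_ESR = (13, 0, 0, 296)
ESR_MAJOR = 13  # assumption: ESR installs are recognised by major version 13

# Constructed sample inventory; hostnames and column names are made up.
SAMPLE_INVENTORY = """host,os,flash_version
ws-001,Windows 7,18.0.0.194
ws-002,Windows 7,18.0.0.160
ws-003,Windows XP,13.0.0.292
ws-004,Windows 7,13.0.0.296
ws-005,Windows 8.1,17.0.0.188
ws-006,Windows 7,
ws-007,Windows 7,18.0.0.x
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a.b.c.d."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Classify one Flash version string against the fixed releases."""
    if not version_text.strip():
        return "not-installed"
    version = parse_version(version_text)
    if version is None:
        return "unparseable"  # surface for manual review, never assume patched
    # 13.x is held to the ESR fix; every other branch must reach the mainline fix.
    required = FIXED_ESR if version[0] == ESR_MAJOR else FIXED_MAINLINE
    return "patched" if version >= required else "needs-update"

def audit(inventory_csv):
    """Map host -> status for every row of a CSV inventory export."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["flash_version"] or "") for row in reader}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Hosts reported as `unparseable` should be checked by hand rather than counted as patched.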

Malwarebytes’ Jerome Segura also issued a warning Sunday about the Magnitude exploit. “For many users this is cutting it really short to be able to patch their software in due time. Without a doubt, this new exploit is going to wreak havoc on a large number of vulnerable machines.”

“Without a doubt, this is the year of Flash zero-days,” he adds, with many already suggesting completely uninstalling the Flash plugin. A compromise, he adds, is enabling “click-to-play” in all browsers, a feature that puts you in control of when the aforementioned plugin runs. A how-to guide is available here.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
