New Adobe Flash Zero-Day Exploit Discovered in Malvertisements


A new Adobe zero-day exploit was discovered by Trend Micro on February 2nd, 2015. A zero-day exploit takes advantage of an unpatched bug in a software program, allowing hackers to inject malware into your computer.

 

How Can Cybercriminals Infect My System?

In this particular case, the malware is delivered via malvertising, a form of attack that uses legitimate online advertising networks to deliver malicious code onto your computer. Unfortunately, you don’t even have to do anything to be infected by this kind of malvertising, as it often uses a drive-by download: all a user has to do to contract the malware is visit the infected webpage or be redirected to a compromised site.

 

Does This Issue Affect Me?

Adobe has acknowledged this new vulnerability and has stated the following versions are affected:

  • Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 13.0.0.264 and earlier 13.x versions
  • Adobe Flash Player 11.2.202.440 and earlier versions for Linux

Adobe has also stated that a patch will be available some time this week. The vulnerability is currently unpatched.

This is the second vulnerability, and it comes a week after the discovery of the Angler Exploit Kit. It is important to note that Flash users who applied the software update Adobe released last week for the Angler Exploit Kit will still be exposed to this new vulnerability.
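For anyone responsible for more than one machine, the affected-versions list above can be turned into an inventory check. The following is an added example, not code from Adobe or Trend Micro; the hostnames and sample versions are constructed, and it assumes a 13.x install is judged against the 13.x ceiling rather than the platform-wide one.

```python
# Added example: triage a Flash Player inventory against the affected
# versions listed in this advisory. Inventory rows below are constructed.

# Ceilings copied from the advisory (affected = this version or earlier).
DESKTOP_CEILING = (16, 0, 0, 296)   # Windows and Macintosh
ESR_13_CEILING = (13, 0, 0, 264)    # 13.x versions
LINUX_CEILING = (11, 2, 202, 440)   # Linux
LABELS = {True: "affected", False: "not affected", None: "unknown"}

def parse_version(text):
    """Turn '16.0.0.296' into (16, 0, 0, 296); raise ValueError if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(platform, version_text):
    """Return True/False, or None when the advisory does not cover the platform."""
    version = parse_version(version_text)
    platform = platform.strip().lower()
    # Assumption: 13.x installs are compared with the 13.x ceiling only.
    if version[0] == 13:
        return version <= ESR_13_CEILING
    if platform in ("windows", "macintosh"):
        return version <= DESKTOP_CEILING
    if platform == "linux":
        return version <= LINUX_CEILING
    return None

def triage(inventory):
    """Map host -> verdict label for (host, platform, version) rows."""
    report = {}
    for host, platform, version_text in inventory:
        try:
            verdict = is_affected(platform, version_text)
        except ValueError:
            verdict = None  # unreadable version: needs a manual look
        report[host] = LABELS[verdict]
    return report

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = [
    ("ws-01", "Windows", "16.0.0.296"), ("ws-02", "Windows", "16.0.0.999"),
    ("mac-01", "Macintosh", "15.0.0.100"), ("esr-01", "Windows", "13.0.0.264"),
    ("esr-02", "Windows", "13.0.0.999"), ("lnx-01", "Linux", "11.2.202.440"),
    ("lnx-02", "Linux", "11.2.202.999"), ("kiosk-01", "ChromeOS", "16.0.0.296"),
    ("ws-03", "Windows", "16.0.0"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

Hosts reported as "unknown" either run a platform the advisory does not list or returned a version string that could not be parsed, and should be checked by hand.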

 

How Do I Stay Protected?

Users who are concerned about this issue can temporarily disable Adobe Flash in the browser by taking the following steps:

Internet Explorer versions 10 and 11

  1. Open Internet Explorer
  2. Click on the “Tools” menu, and then click “Manage add-ons”
  3. Under “Show”, select “All add-ons”
  4. Select “Shockwave Flash Object” and then click on the disable button.

You can re-enable Adobe Flash by repeating the same process, selecting “Shockwave Flash Object” and then clicking on the “Enable” button.

Guidance for users of earlier versions of Internet Explorer is available on the Microsoft website. Select the version of Internet Explorer you are using in the top right corner.

 

Firefox

  1. Open Firefox
  2. Open the browser menu and click “Add-ons”
  3. Select the “Plugins” tab
  4. Select “Shockwave Flash” and click “Disable”

You can re-enable Flash by repeating the same process, selecting “Shockwave Flash” and then clicking on the “Enable” button.

 

This is currently an ongoing event and we will update this blog as new information comes to light.