Disable now: Adobe Flash is under fire and there's no security fix

Disable now: Adobe Flash is under fire and there's no security fix

The latest version of Flash for Windows and Mac — the one that is under attack — is version

An exploit kit known as Angler is targeting a previously unseen flaw in the latest version of Flash Player, which Adobe only updated a week ago.

It may be time for Windows users to disable the Flash Player browser plugin, according to researcher “kafeine”, who reported today that the Angler exploit kit is targeting a newly discovered flaw in the media player.

Since Adobe doesn’t have a fix for the flaw, the malware researcher suggests “disabling Flash Player for some days might be a good idea”.

The latest version of Flash for Windows and Mac — the one that is under attack — is version The attack comes just one week after Adobe fixed nine flaws in Flash Player, including seven that were remotely exploitable.

Angler is one of handful of “exploit kits” that contain multiple remote attacks for flaws in widely used products like Flash, PDF readers like Adobe Reader and Java.

While exploits for flaws that have been patched by affected vendors are run-of-the-mill for these kits, it’s less common for them to contain attacks for previously unseen or ‘0-day’ flaws. Those flaws are typically discovered after a highly targeted attack.

On the “Malware don’t need Coffee” blog, @kafeine outlined the system configurations for Flash Player that are so far confirmed to have been successfully exploited. These include Windows XP running Internet Explorer (IE) 6 through to 9, Windows 7 with IE8, and Windows 8 running IE10 with the Windows8-RT-KB3008925-x86 update.

System configurations confirmed to be safe from the attack include the most recently updated version of Windows 8.1 and Chrome.

The researcher was still running tests on other configurations when contacted by CSO Australia but was not able to provide further details.

Adobe has yet to offer official advice for users, however an Adobe spokesperson told CSO Australia that "we aware of the report and are investigating".

The most notorious exploit kit in recent years has been Blackhole however Cisco in its 2015 annual security report noted that Angler — which uses Flash, Java, IE and Silver light flaws - was “the one to watch” in 2015.

Kafeine noted that the free version of Malwarebytes Anti Exploit did manage to stop the exploit.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Read more: Sandbox-busting Adobe Reader zero-day bundled in Blackhole

Upcoming IT Security Events

Feb 3rd, Feb 4th, Feb 6th 2015

Read more: Adobe warns of zero day Acrobat, Reader attacks

Join @NirZuk #PaloAltoNetworks for Breakfast (lunch in Auckland) on keeping your enterprise safe from risk. Cyber attacks continue to increase in volume and sophistication leaving traditional security practices completely ineffective. 

Register Today Seats are limited

March 3rd, March 5th, March 9th 2015

Join CSO for the day@#csoperspectives and hear from @kimzetter @frankheidt

Read more: Understanding the underground asset landscape with augmented reality

3 International Keynote speakers, 36 Key IT Security Industry Speaker, 21 Exhibitors, Security Analysts and many more.. Register today

Dont miss one of the biggest IT Security events in ANZ (registration is free, but seats are limited)

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Enex TestLabmalwarejavawindows xpadobe flashadobe readerflash playerMalwarebytesBlackholesecurity fixesCSO AustraliakafeinePDF readers@kafeineAnglerWindows usersdisable now

Brand Post

How to become the best IT MSP

This article provides guidance for managed service providers (MSPs) that want to grow their business. It is also useful for any IT service provider looking to move from the break-fix model to managed IT services.



Reseller News Innovation Awards 2019: meet the winners

Reseller News Innovation Awards 2019: meet the winners

Reseller News honoured the standout players of the New Zealand channel in front of more than 480 technology leaders in Auckland on 23 October, recognising the achievements of top partners, emerging entrants and innovative start-ups.

Reseller News Innovation Awards 2019: meet the winners
Malwarebytes shoots the breeze with channel, prospects

Malwarebytes shoots the breeze with channel, prospects

A Kumeu, Auckland, winery was the venue for a Malwarebytes event for partner and prospect MSPs - with some straight shooting on the side. The half-day getaway, which featured an archery competition, lunch and wine-tasting aimed at bringing Malwarebytes' local New Zealand and top and prospective MSP partners together to celebrate recent local successes, and discuss the current state of malware in New Zealand. This was also a unique opportunity for local MSPs to learn about how they can get the most out of Malwarebytes' MSP program and offering, as more Kiwi businesses are targeted by malware.

Malwarebytes shoots the breeze with channel, prospects
Show Comments