A recently patched vulnerability in Adobe Flash Player is being actively attacked via exploit kits. This means that visiting a hacked website or seeing infected ads with a vulnerable Flash Player version is sufficient to infect with malware.
The vulnerability in question was resolved by Adobe on February 6 through an emergency patch . The vulnerability appeared to have been targeted against South Korean organizations since last November . Here Excel and Word files with embedded Flash objects were used. Now it appears that cyber criminals also have the exploit to use them via the web.
Flash Player was and still is the most popular target for exploit kits. Due to the absence of new exploits, and the fact that more and more browsers are phasing out the support of Flash Player, the effectiveness of exploit kits has declined sharply in the past period . According to researcher Kaffeine of the Malware do not need coffee blog , this is the first new Flash exploit that has been added to an exploit kit since July 2016 for a Flash leak. The new Flash exploit will be deployed via infected ads and will successfully install the Hermes ransomware. Users are therefore advised to upgrade to Flash Player version 28.0.0.161 or later, as the vulnerability has been corrected.
No comments:
Post a Comment