Al Bundy (09-04-16),cmangle (09-04-16),efab (09-04-16),gordon_s1942 (09-04-16),ol' boy (09-04-16),Philquad (09-04-16),shred (09-04-16),tristen (09-04-16),Uncle Fester (09-04-16)
Just got this email from Malwarebytes.
Dear Tiny,
Adobe issued an emergency update to its Adobe Flash Player software today after researchers discovered a vulnerability that was being exploited to deliver ransomware. Flash has over one billion users, so odds are you are affected by this update.
But Malwarebytes proactively protected its millions of customers from this attack, blocking the ransomware before it could encrypt files.
As a precaution, we suggest you update your Adobe Flash Player (Shockwave Flash Plugin). In addition, we urge you to consider installing both and for the layered protection that stops attacks like this from infecting your computer. Malwarebytes Anti-Exploit Premium blocks the exploit attempt, while Malwarebytes Anti-Malware Premium stops the ransomware execution (if Malwarebytes Anti-Exploit Premium is not installed).
We'd hate to see your computer compromised. Here at Malwarebytes, we pledge to keep you protected and informed about the latest issues. Your peace of mind is our number one priority.
Sincerely,
The Malwarebytes Team
P.S. Learn more about this threat
Adobe has just released a for the infamous Flash Player to fix a vulnerability actively by some exploit kits. This vulnerability was actually a zero-day (CVE-2016-1019) but exploit kit authors botched its integration which resulted in only affecting older versions of Flash.
Another saving grace was the fact that a “mitigation introduced in Flash Player 21.0.0.182 currently prevents exploitation of this vulnerability, protecting users running Flash Player 21.0.0.182 and later“.
Nonetheless, since this could be tweaked and made functional to work on fully patched versions as well, Adobe went on to fix the bug.
The Magnitude EK which has been very active as of late was in fact using CVE-2016-1019 for some time. As we reported earlier this month, several (still) active malvertising campaigns are pushing Magnitude with a little tweak, including a right before the landing page.
Last edited by Tiny; 09-04-16 at 10:57 AM.
Cheers, Tiny
"You can lead a person to knowledge, but you can't make them think? If you're not part of the solution, you're part of the problem.
The information is out there; you just have to let it in."
Al Bundy (09-04-16),cmangle (09-04-16),efab (09-04-16),gordon_s1942 (09-04-16),ol' boy (09-04-16),Philquad (09-04-16),shred (09-04-16),tristen (09-04-16),Uncle Fester (09-04-16)
Look Here -> |
Adobe Security Advisory
Security Advisory for Adobe Flash Player
Release date: April 5, 2016
Last updated: April 6, 2016
Vulnerability identifier: APSA16-01
CVE number: CVE-2016-1019
Platforms: Windows, Macintosh, Linux and Chrome OS
Summary
A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier. A mitigation introduced in Flash Player 21.0.0.182 currently prevents exploitation of this vulnerability, protecting users running Flash Player 21.0.0.182 and later.
Adobe is planning to provide a security update to address this vulnerability as early as April 7. For the latest information, users may monitor the .
Mitigations
A mitigation introduced in Flash Player 21.0.0.182 currently prevents exploitation of this vulnerability, protecting users running Flash Player 21.0.0.182 and later. Adobe recommends users of Adobe Flash Player, who have not already done so, immediately update to the current version of Flash Player via the update mechanism within the product or by visiting the . If you use multiple browsers, install the update in each browser you have installed on your system.
To verify the version of Adobe Flash Player installed on your system, access the , or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Severity ratings
Adobe categorizes this as a vulnerability.
Acknowledgments
Adobe would like to thank Kafeine (EmergingThreats/Proofpoint) and Genwei Jiang (FireEye, Inc.), as well as Clement Lecigne of Google for reporting CVE-2016-1019 and for working with Adobe to help protect our customers.
Revisions
April 6, 2016: Expanded the Windows Operating Systems targeted by the exploit for CVE-2016-1019 to include all versions (Windows 10 and earlier). This advisory previously referenced only Windows 7 and XP.
Cheers, Tiny
"You can lead a person to knowledge, but you can't make them think? If you're not part of the solution, you're part of the problem.
The information is out there; you just have to let it in."
pmbrford (16-05-16)
Thanks for the info.
Mine was up-to-date.
Flash needs to die. It just has to go... and I'll then happily urinate on the grave.
Thanks for the warning. I just disabled it after I got lazy and used it again after many years of abstinence because of a site I needed.
I wish they would just stop using Flash, bloody ban it from the internet.
Update: A deletion of features that work well and ain't broke but are deemed outdated in order to add things that are up to date and broken.
Compatibility: A word soon to be deleted from our dictionaries as it is outdated.
Humans: Entities that are not only outdated but broken... AI-self-learning-update-error...terminate...terminate...
Al Bundy (09-04-16)
04/07/16 Adobe Flash Player 21.0.0.213
Flash Player 21 Windows for Internet Explorer - ActiveX: 21.0.0.213
Flash Player 21 Windows for Firefox and other Netscape Compatible Browsers - NPAPI: 21.0.0.213
Flash Player 21 Windows for Opera and Chromium Based Browsers - PPAPI: 21.0.0.213
Flash Player 21 for Internet Explorer on Windows 8.1 (64-bit machine): 21.0.0.213
Flash Player 21 for Internet Explorer on Windows 8.1 (32-bit machine): 21.0.0.213
Flash Player 21 Windows for Internet Explorer and Edge on Windows 10 - ActiveX: 21.0.0.213
Flash Player 21 Mac for Safari, Firefox and other Netscape Compatible Browsers - NPAPI: 21.0.0.213
Flash Player 21 Mac for Opera 26 and Chromium Based Browsers - PPAPI: 21.0.0.213
Thanks for this information. I will share this also.
Bookmarks