New Adobe Flash zero-day exploit discovered in malvertisements
Authored by a Symantec employee
A new Adobe Flash zero-day exploit was discovered by Trend Micro on February 2nd, 2015. A zero-day exploit takes advantage of an unpatched bug in a software program, allowing attackers to inject malware into your computer.
How can cybercriminals infect my system?
In this particular case, the malware is delivered via malvertising, a form of attack that uses legitimate online advertising networks to deliver malicious code onto your computer. Unfortunately, you don’t have to do anything to be infected by this kind of malvertising, as it often uses a drive-by download: all a user has to do to contract the malware is visit the infected webpage or be redirected to a compromised site.
Does this issue affect me?
Adobe has acknowledged this new vulnerability and has stated the following versions are affected:
- Adobe Flash Player 126.96.36.1996 and earlier versions for Windows and Macintosh
- Adobe Flash Player 188.8.131.524 and earlier 13.x versions
- Adobe Flash Player 184.108.40.2060 and earlier versions for Linux
Adobe has also stated that a patch will be available some time this week. The vulnerability is currently unpatched.
This is the second vulnerability, coming a week after the discovery of the Angler Exploit Kit. It is important to note that Flash users who applied the software update Adobe released last week for the Angler Exploit Kit are still exposed to this new vulnerability.
How do I stay protected?
Users who are concerned about this issue can temporarily disable Adobe Flash in the browser by taking the following steps:
Internet Explorer versions 10 and 11
- Open Internet Explorer
- Click on the “Tools” menu, and then click “Manage add-ons”
- Under “Show”, select “All add-ons”
- Select “Shockwave Flash Object” and then click on the disable button.
You can re-enable Adobe Flash by repeating the same process, selecting “Shockwave Flash Object” and then clicking on the “Enable” button.
Guidance for users of earlier versions of Internet Explorer is available on the Microsoft website. Select the version of Internet Explorer you are using in the top right corner.
Firefox
- Open Firefox
- Open the browser menu and click “Add-ons”
- Select the “Plugins” tab
- Select “Shockwave Flash” and click “Disable”
You can re-enable Flash by repeating the same process, selecting “Shockwave Flash” and then clicking on the “Enable” button.
This is currently an ongoing event and we will update this blog as new information comes to light.