After skipping their normal monthly patch day for the first time in years, Adobe was forced to release an emergency update to fix a zero day Flash vulnerability that attackers are exploiting in the wild. According to Kaspersky, criminals are leveraging this flaw in spear phishing emails that contain malicious, Flash-embedded Office documents. If you open one of these booby-trapped documents, it installs the Finfisher malware. Watch the video below for more details, and patch Flash if you got it.
Episode Runtime: 1:31
Direct YouTube Link: https://www.youtube.com/watch?v=jjXIa1Cqo5s
EPISODE REFERENCES:
- Adobe releases emergency Flash update to fix zero day – The Register
- Adobe’s security advisory page – Adobe
- Microsoft’s Windows Flash updates – Microsoft
—Corey Nachreiner, CISSP (@SecAdept)
Be careful if you are a VMware user as the new flash updates will cause the web client to crash.
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2151945