After skipping their normal monthly patch day for the first time in years, Adobe was forced to release an emergency update to fix a zero day Flash vulnerability that attackers are exploiting in the wild. According to Kaspersky, criminals are leveraging this flaw in spear phishing emails that contain malicious, Flash-embedded Office documents. If you open one of these booby-trapped documents, it installs the Finfisher malware. Watch the video below for more details, and patch Flash if you got it.
Episode Runtime: 1:31
Direct YouTube Link: https://www.youtube.com/watch?v=jjXIa1Cqo5s
EPISODE REFERENCES:
- Adobe releases emergency Flash update to fix zero day – The Register
- Adobe’s security advisory page – Adobe
- Microsoft’s Windows Flash updates – Microsoft