
NPC Security Alerts
Critical Adobe Flash Player Vulnerability

April 8th, 2016



What's the issue?

In a security advisory issued on April 5th, 2016, Adobe explained that a critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 21.0.0.197 and earlier versions that could lead to crashes and unauthorized takeover of affected systems.

Adobe did not go into detail about the vulnerability, but reports that it is "being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier." Although this vulnerability has only been reported on Windows OS, systems running Macintosh, Linux and Chrome OS with vulnerable versions of Flash Player are also at risk.


How are cybercriminals using this exploit?

PC World is reporting that Flash Player has 24 critical vulnerabilities, 22 of which "can result in remote code execution on users' computers, one can lead to a security feature bypass and one can be used to bypass the memory layout randomization mitigation that's supposed to make exploitation harder in general."

Cybercriminals are using these flaws as an opportunity to exploit users with ransomware through web-based attacks.

Proofpoint, an email security vendor, reports that one of their customers received a malicious email with a document containing a macro that would redirect them to an exploit kit. An exploit kit is software hosted on web servers that searches visiting systems for vulnerable, unpatched software and installs malware on them.

In this case, Flash Player is the vulnerable software and the malware used is ransomware.


What should I do?

Check the version of your Adobe Flash Player here; the page will indicate whether your Flash Player is out of date. If it is, update to version 21.0.0.182 or later, which are patched to protect from exploitation of this vulnerability. The most current version is 21.0.0.213. The version you require may depend on the browser that you use. When installing the update, uncheck the optional offers.
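For anyone checking more than one machine, the version thresholds quoted in this alert can be applied to a list of installed versions. The script below is an added example, not part of the original alert or any Adobe or NPC tool; the status labels, hostnames and sample inventory are assumptions made up for illustration.

```python
# Added example: triage Flash Player versions against the thresholds quoted in this alert.
import re

ACTIVELY_EXPLOITED_MAX = (20, 0, 0, 306)  # "20.0.0.306 and earlier": exploited in the wild
MITIGATED_MIN = (21, 0, 0, 182)           # "21.0.0.182 or later": protected from exploitation
AFFECTED_MAX = (21, 0, 0, 197)            # "21.0.0.197 and earlier": CVE-2016-1019 exists
CURRENT = (21, 0, 0, 213)                 # most current version named in the alert

# Status labels are hypothetical, listed most urgent first.
PRIORITY = ["exploited-in-wild", "affected", "unknown",
            "affected-mitigated", "not-current", "current"]


def parse_version(text):
    """Parse 'a.b.c.d' (or comma-separated 'a,b,c,d') into a tuple of ints."""
    s = text.strip()
    if not re.fullmatch(r"\d+(?:[.,]\d+){3}", s, re.ASCII):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in re.split(r"[.,]", s))


def classify(version_text):
    """Map a version string to a status label using numeric, not string, comparison."""
    try:
        v = parse_version(version_text)
    except ValueError:
        return "unknown"  # missing or unreadable version: needs a manual check
    if v <= ACTIVELY_EXPLOITED_MAX:
        return "exploited-in-wild"
    if v < MITIGATED_MIN:
        return "affected"
    if v <= AFFECTED_MAX:
        return "affected-mitigated"
    return "not-current" if v < CURRENT else "current"


def triage(inventory):
    """Return (host, version, status) rows, most urgent first."""
    rows = [(host, ver, classify(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (PRIORITY.index(r[2]), r[0]))


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"ws-01": "20.0.0.306", "ws-02": "21.0.0.197", "ws-03": "21.0.0.213",
          "ws-04": "21,0,0,176", "ws-05": "not installed", "ws-06": "19.0.0.245"}

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE):
        print(f"{host:6} {ver:14} {status}")
```

Versions are compared as tuples of integers because a plain string comparison would rank 9.0.0.306 above 21.0.0.213.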


Note to NPC Customers

All NPC DataGuard Pro systems have update downloads automated. However, if you wish to reassure yourself, follow the steps above to check your Adobe Flash Player version.

If you have any questions or concerns, do not hesitate to call the support centre at 1-855-667-2642 or email support@npcmail.net.


Sources

Adobe Security Advisory

PC World - "The latest Flash zero-day was used to spread Cerber ransomware"

PC World - "Adobe patches actively exploited Flash Player vulnerability in 24 flaw fix"

Krebs on Security - "Adobe patches Flash Player zero-day threat"


