The Adobe Flash Player continues to be the favourite browser plugin threat actors have been focusing on this year. The recent zero-day exploit that was used in targeted attacks is now part of mainstream exploit kits.
Angler EK and Nuclear EK now include the latest CVE-2015-7645 which was patched by Adobe on October 16. This vulnerability affects Adobe Flash up to version 19.0.0.207.
Both Exploit Kits are blocked by Malwarebytes Anti-Exploit before they even have the chance to unleash their malicious payload.
Because Flash has been such a hot target this year, it is recommended to either disable it or remove it entirely.
People that choose to keep it should always ensure they are running the latest version but also run an exploit mitigation tool in parallel to account for zero-days.
COMMENTS
Pingback: Latest Adobe Flash Zero-Day Bug Already Part of Angler and Nuclear Exploit Kits()
Pingback: Latest Adobe Flash Zero-Day Bug Already Part of Angler and Nuclear Exploit KitsOpen Ghana | Open Ghana()
Pingback: Recently Exploited Flash Zero-Day Added to Exploit Kits | Tfun()
Pingback: Recently Exploited Flash Zero-Day Added to Exploit Kits | INSPECT()
Pingback: Recently Exploited Flash Zero-Day Added to Exploit Kits | Mobile Security Review()
Pingback: Recently Exploited Flash Zero-Day Added to Exploit Kits | Virus / malware / hacking / security news()
Pingback: Recently Exploited Flash Zero-Day Added to Exploit Kits | The Daily Discontent()
Pingback: Recently Exploited Flash Zero-Day Added to Exploit Kits | Cyber Security News()
Pingback: Latest Adobe Flash Zero-Day Bug Already Part of Angler and Nuclear Exploit Kits |()