The Adobe Flash Player continues to be the favourite browser plugin threat actors have been focusing on this year. The recent zero-day exploit that was used in targeted attacks is now part of mainstream exploit kits.
Angler EK and Nuclear EK now include the latest CVE-2015-7645 which was patched by Adobe on October 16. This vulnerability affects Adobe Flash up to version 19.0.0.207.
Both Exploit Kits are blocked by Malwarebytes Anti-Exploit before they even have the chance to unleash their malicious payload.
Because Flash has been such a hot target this year, it is recommended to either disable it or remove it entirely.
People that choose to keep it should always ensure they are running the latest version but also run an exploit mitigation tool in parallel to account for zero-days.
Does exploit work with Edge?
I would think so (If Flash is enabled in Edge & if Flash Player update from Microsoft has not been installed)
How do I disable flash from my google chrome? What all would it affect? and would it matter if I disable flash from running on my computer instead of removing it? I want to keep it installed if I need it for anything, but keep it from running when I don’t need it.
Anyway, good work malwarebytes team! I think it is a good thing you guys do running this blog and informing people about these kinds of issues.