Flash zero-day flaw under attack to spread ad malware...

According to the MS advisory there is an update for Technical Preview.

https://technet.microsoft.com/library/security/2755801

Jim

lehnerus2000 said:

When my friend and I first read about Java (many years ago) we both thought that it was "a disaster waiting to happen".

kind of like putting a computer in the hands of 5billlion people

Flash was updated to day to fix this exploit. (Flash 16.0.0.287). But then they found another exploit in this new version and it will be patched the week of Jan 26

Adobe Product Security Incident Response Team (PSIRT) Blog | Working to help protect customers from vulnerabilities in Adobe software. Contact us at PSIRT(at)adobe(dot)com.

Jim

Hi there

apart from the vulnerabilities of Flash and Java this amplifies my often made point about using 3rd part AV software on W8/8.1/W10 - that it's a total and utter waste of time. Ms can react far quicker and issue an update to Windows defender which is part of the proprietary windows code. 3rd party suppliers have to reverse engineer windows kernel (not easy) and do any number of things to ensure their stuff works and reverse engineering or "dis-assembling" a complex system like windows isn't a trivial task.

3rd party AV suppliers have had their time -- it's GONE now -- any Windows OS past W7 doesn't need this stuff any more.

(Home computers of course --protecting large corporate networks is another issue but then you are talking about Enterprise grade packages - both complex and definitely not cheap).

I'm still amazed at how many times I get pestered in a computer retail store to buy an add on "AV" package if I'm say getting a laptop or whatever. The sales staff simply can't believe when I say - don't bother selling me Norton or whatever - Windows has a perfectly good built in system already.

Cheers
jimbo

HTML5 should replace all Flash references, the same way Barry Allen replaced Jay Garrick.
Over time, it will - I only wish it were faster.

jimbo45 said:

Hi there

apart from the vulnerabilities of Flash and Java this amplifies my often made point about using 3rd part AV software on W8/8.1/W10 - that it's a total and utter waste of time. Ms can react far quicker and issue an update to Windows defender which is part of the proprietary windows code. 3rd party suppliers have to reverse engineer windows kernel (not easy) and do any number of things to ensure their stuff works and reverse engineering or "dis-assembling" a complex system like windows isn't a trivial task.

3rd party AV suppliers have had their time -- it's GONE now -- any Windows OS past W7 doesn't need this stuff any more.

(Home computers of course --protecting large corporate networks is another issue but then you are talking about Enterprise grade packages - both complex and definitely not cheap).

I'm still amazed at how many times I get pestered in a computer retail store to buy an add on "AV" package if I'm say getting a laptop or whatever. The sales staff simply can't believe when I say - don't bother selling me Norton or whatever - Windows has a perfectly good built in system already.

Cheers
jimbo

Jimbo45,

Even though I don't like Norton's virus protection. This time Symantec had an update before MSE or defender did-it was report that way.

Thank you Malewarebytes Anti-Exploit.
After fully updating Flash and Windows 8.1 I was browsing my local TV station.
Clicked on a Flash video and ZAP! MB A-E blocked an exploit.
So I will run extra protection but to each his own.

Jim

Adobe has fixed the exploit in 16.0.0.287 and new version to be release real soon.

UPDATE (January 24): users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24. This version includes a fix for CVE-2015-0311. Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11.