Adobe has confirmed that a recently discovered vulnerability in the current version of Flash for Windows, Macintosh and Linux is actively being exploited on the internet. Adobe is planning to release a patch the week of January 26th, but did not confirm a specific date. Though security vulnerabilities are nothing new to Flash, this particular loophole is being exploited by a well-known and widely distributed exploit “kit” called Angler which could indicate a rapid spread of compromised websites and a large spike in malware infections. Once used to gain access to a victim’s computer, the device could fall prey to any number of malicious programs, including key loggers, ratting, ransomware, and good ole-fashion zombification.
What this means for you:
According to Adobe’s own advisory, pretty much everyone is affected by this exploit, though some reports suggest that Windows 8.1 and Chrome users may be safe for the moment, but that was based upon the current version of the Angler kit in distribution. The actual security hole Angler exploits exists in every version of Flash on all OS platforms. The easiest way to protect yourself from this exploit is to disable Flash altogether. For all browsers except Chrome is usually a matter of disabling the plug-in. For Chrome, you have to type “chrome://plugins/” into your address bar to access the hidden internal plug-ins page, at which point you can disable it from there. Aside from keeping your browser’s “head” down until the storm passes, make sure your antimalware software is functioning properly and updated, and avoid any strange links you may receive over the coming week.