A new zero-day vulnerability that affects Adobe Flash has been discovered and is already being exploited by cybercriminals. One of the samples obtained by Trend Micro's Smart Protection Network shows that it is the same zero-day exploit that security researcher Kafeine had reported only hours earlier.
A quick summary of the most important details about this particular vulnerability:
What is ad (advertisement) fraud? Ad fraud is done by a program designed to automatically click on certain ads on a certain website, artificially inflating the number of clicks that ad gets. Since ad networks pay the owner of the website hosting their ads based on the number of clicks each ad gets, ad fraud games the system by tricking the hapless ad network into paying more.
This may sound harmless as it doesn’t necessarily affect users, but the fact that it does install malware onto your system – which in turn may download and install other, more damaging and harmful malware onto your system – makes this particular vulnerability something to be aware of.
[From the Security Intelligence Blog: Flash Greets 2015 With Zero-Day]
A patch to address this vulnerability hasn't been released. In the meantime, users can turn Adobe Flash Player off. It has also been noted that Chrome's Flash Player plugin and Firefox are not affected by this threat.
January 22 Update: The exploit now targets Firefox, along with Internet Explorer. Chrome is still unaffected. Users who can't disable Flash Player can consider installing ad blocking software or browser extensions.