Low Hanging Fruit: Flash Player

Flash Player version 16.0.0.296 is now available.

Flash Player Versions

In Windows, you can check what version you have installed via Flash’s Control Panel applet.

Settings Manager, Flash Player 16.0.0.296

According to Adobe Security Bulletin APSA15-01, users who have enabled auto-update will have received the update starting on January 24th. Manual downloaders needed to wait a couple of days.

Adobe Bulletin CVE-2015-0311

We’re not exactly sure why manual downloads were delayed, but whatever the reason, auto-updates are recommended.

And we'd go further than that. At this point, we recommend enabling “click-to-play” options. Here’s an example from Firefox with “Ask to Activate” configured.

Firefox, Flash, Ask to Activate

Google Chrome also offers options in its “advanced” settings.

Why do we recommend click-to-play? Because Flash Player is currently the application most aggressively targeted by exploit kits.

Here are some stats from last week. They show that Angler, which was targeting a Flash Player 0-Day vulnerability, was leading the exploit kit market.

Finland:

Exploit Kits, January 2015 FI

Germany:

Exploit Kits, January 2015 DE

United Kingdom:

Exploit Kits, January 2015 UK

And Angler was number one in several other regions as well.

So, update your Flash Player, set it to auto-update, and configure click-to-play.
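The three recommendations above can be checked across a fleet. The following is an added example, not code from the original post: it audits constructed inventory records for an outdated version, disabled auto-update, and missing click-to-play. The record layout and host names are assumptions, and the `AutoUpdateDisable` setting in `mms.cfg` and Firefox's `plugin.state.flash` preference are not named in the post.

```python
FIXED = (16, 0, 0, 296)  # version the post says is now available

def parse_version(text):
    """Accept '16.0.0.296' or the comma-separated form '16,0,0,296'."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Flash Player version: {text!r}")
    return tuple(int(p) for p in parts)

def parse_mms_cfg(text):
    """Parse key=value lines; blank lines and '#' comments are skipped."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            # Keys are lower-cased so lookups in this example ignore case.
            cfg[key.strip().lower()] = value.strip()
    return cfg

def audit(host):
    """Return the recommendations from the post that a host does not meet."""
    findings = []
    if parse_version(host["flash_version"]) < FIXED:
        findings.append("outdated")
    if parse_mms_cfg(host.get("mms_cfg", "")).get("autoupdatedisable") == "1":
        findings.append("auto-update disabled")
    # Firefox plugin.state.flash: 0 = never, 1 = ask to activate, 2 = always.
    # Assumption: a record without the value is treated as 2 (always activate).
    if host.get("plugin_state_flash", 2) == 2:
        findings.append("no click-to-play")
    return findings

# Constructed inventory records for illustration, not real hosts.
HOSTS = [
    {"name": "ws-01", "flash_version": "16,0,0,257",
     "mms_cfg": "# managed\nAutoUpdateDisable=1\n", "plugin_state_flash": 2},
    {"name": "ws-02", "flash_version": "16.0.0.296",
     "mms_cfg": "AutoUpdateDisable=0\nSilentAutoUpdateEnable=1\n",
     "plugin_state_flash": 1},
    {"name": "ws-03", "flash_version": "16.0.0.287", "plugin_state_flash": 1},
]

def report(hosts=HOSTS):
    return {h["name"]: audit(h) for h in hosts}

if __name__ == "__main__":
    for name, findings in report().items():
        print(name, "OK" if not findings else ", ".join(findings))
```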

On 27/01/15 At 05:13 PM

Story added 28 January 2015.