Low Hanging Fruit: Flash Player
Flash Player version 22.214.171.1246 is now available.
In Windows, you can check what version you have installed via Flash’s Control Panel applet.
According to Adobe Security Bulletin APSA15-01, users who have enabled auto-update will have received the update starting on January 24th. Manual downloaders needed to wait a couple of days.
We’re not exactly sure why manual downloads were delayed, but whatever the reason, auto-updates are recommended.
And not only that, but more. At this point, we recommend enabling “click-to-play” options. Here’s an example from Firefox with the “Ask to Activate” option configured.
Google Chrome also offers options in its “advanced” settings.
Why do we recommend click-to-play? Because Flash Player is currently the application most aggressively targeted by exploit kits.
Here are some stats from last week, from which you can see that Angler, which was targeting a Flash Player 0-day vulnerability, was leading the exploit kit market.
And Angler was number one in several other regions as well.
So, update your Flash Player, set it to auto-update, and configure click-to-play.
On 27/01/15 At 05:13 PM