SECURITY ALERT: Adobe Flash Vulnerability Detected
Adobe has released a Zero Day Vulnerability Advisory for Adobe Flash Player 220.127.116.11 and Earlier Versions
What is a zero day vulnerability?
A zero-day exploit is an attack that exploits a previously unknown security vulnerability. A zero-day attack is also defined as an attack that takes advantage of a security vulnerability on the same day that the vulnerability becomes known. Essentially, it means hackers waste no time in targeting the technological weakness and exploiting sensitive information.
What is the vulnerability in Adobe Flash and how may it affect me?
The exploit is being distributed through a Microsoft Excel document that has a malicious Flash object embedded into it. When you activate the Excel spreadsheet, the infected document releases a virus into your system. If it is successful, hackers can gain full control of a computer which could result in the installation of malicious applications, potential access to passwords and/or a loss of information.
How to protect your organization:
A patch has recently be issued for all affected devices. However, we advise uninstalling Flash from all computers. For people who rely on sites that require Flash, Google’s Chrome browser provides a customized version of the player that’s protected by a security sandbox and can be turned on for specific sites.
If for unique business reasons you require the ability to run Flash and you are not running Windows 10, update your Flash player as soon as you are prompted to do so in the system tray or visit the Flash Player, uncheck the circled check boxes and then make sure to “allow Adobe to install updates (recommended)” is checked. Click “Next” and follow the rest of the instructions to complete the process.
Experts believe a hacker organization called Group123 is leading the attack on this vulnerability. This group has ties to North Korea and is known for similar exploits. It is presumed this group would be looking to gain access to higher level databases but all Flash users should be aware.
Datasmith is here to make sure your business is as protected as possible. If you have any questions or concerns, please do not hesitate to contact us!