Thursday, June 7, 2018

Another In-The-Wild Adobe Flash Exploit,
Another Out-Of-Band Update

--

Same old story. Flash is being exploited in-the-wild again. Adobe has pushed out another unscheduled Flash update. The new version is Adobe Flash 30.0.0.113. Update ASAP if you don't already have Flash automatic update running. Or simply tip the Flash Internet plugin into your Trash and empty it.

Security updates available for Flash Player | APSB18-19
Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player 29.0.0.171 and earlier versions.  Successful exploitation could lead to arbitrary code execution in the context of the current user. 
Adobe is aware of a report that an exploit for CVE-2018-5002 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash Player content distributed via email.
And Adobe has also pushed out at the same time Adobe AIR 30.0.0.107. So far, the update has no security update document.

Remember to ONLY download Adobe stuff DIRECTLY from Adobe. Never, ever, ever trust any Adobe installers that are shoved at you by any website. They're 100% fake and a prominent source of malware infection.

Those Adobe download pages are:

Adobe Flash: https://get.adobe.com/flashplayer/
Adobe AIR: https://get.adobe.com/air/
Adobe Reader DC: https://get.adobe.com/reader/
Adobe Shockwave: https://get.adobe.com/shockwave/

--