Flash! Saviour of The Universe. Err, not really
If it has escaped your attention, Adobe has announced a new critical vulnerability in Flash Player 22.214.171.1246 and earlier on OSX and Windows: CVE-2015-0313 (unlucky for some).
The announcement is here: https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
‘Yawn, yawn, so what? More fuel for the fudmeisters in security outfits like those rascals at ITC’. We can feel you thinking it.
Well here’s the ‘so what?’ This particular nasty is being actively exploited by hackers via poisoned adverts on sites including Dailymotion, the video sharing website, and other credible sites.
The vulnerability promises the usual crash/full takeover of system badness and needs to be taken seriously.
If users have auto-update for Flash turned on, Adobe were including a fix from February 4 2015 (version 126.96.36.1995), and promise to have a downloadable patch out today, 5th February 2015. Get patching.
There are some commentators recommending that users turn on the ‘click to play’ feature to stop automatic content infecting your machines and this may buy you some time, unless of course you click to play an infected advertisement. Hmm.
As part of ITC’s NetSure360° Managed Security platform, we can identify machines connected to your network running out of date and vulnerable applications in real-time, and exile them to a Very Safe Place until they remediate, or even ban them completely, or send the user a nice fluffy message recommending calling the helpdesk who love nothing more than patching user machines because the user can’t be bothered.
We can do this for corporate and BYOD devices and are seeing adoption of technologies like this as an essential component of the security toolbox, enabling visibility, control and assurance of your network and assets together with protection from devices you do not control and patch.
If you would like to know more about this, or any other security issue, please contact us on: 020 7517 3900 or email [email protected]