Third Hacking Team Flash Zero- Day Found — Krebs on Security. For the thirdtime in a week, researchers have discovered a zero- day vulnerability in Adobe’s Flash Player browser plugin. Like the previous two discoveries, this one came to light only after hackers dumped online huge troves of documents stolen from Hacking Team — an Italian security firm that sells software exploits to governments around the world. News of the latest Flash flaw comes from Trend Micro, which said it reported the bug (CVE- 2. Adobe’s Security Team. Adobe confirmed that it is working on a patch for the two outstanding zero- day vulnerabilities exposed in the Hacking Team breach. We are likely to continue to see additional Flash zero day bugs surface as a result of this breach. Instead of waiting for Adobe to fix yet another flaw in Flash, please consider removing or at least hobbling this program. Google Chrome comes with its own version of Flash pre- installed, but disabling it is easy enough. On a Windows, Mac, Linux or Chrome OS installation of Chrome, type “chrome: plugins” into the address bar, and on the Plug- ins page look for the “Flash” listing: To disable Flash, click the disable link (to re- enable it, click “enable”). Windows users can remove Flash from non- Chrome browsers from the Add/Remove Programs panel, and/or using this Flash Removal Tool. Note that you must exit out of all Web browsers before running the tool. To verify that Flash has been removed, visit this page; if it says your browser needs Flash, you’ve successfully removed it. For Mac users, Apple. Insider carries a story today that has solid instructions for nixing the program from OS X once and for all.“Flash has become such an information security nightmare that Facebook’s Chief Security Officer called on Adobe to sunset the platform as soon as possible and ask browser vendors to forcibly kill it off,” Apple. Insider’s Shane Cole writes. Unfortunately, some sites — including many government Web sites — may prompt users to install Flash in order to view certain content. Perhaps it’s time for a petition to remove Flash Player from U. S. Government Web sites altogether? If you agree, make your voice heard here. Script- blocking applications like Noscript and Script. Safe are useful in blocking Flash content, but script blockers can be challenging for many users to handle.
Another approach is click- to- play, which is a feature available for most browsers (except IE, sadly) that blocks Flash content from loading by default, replacing the content on Web sites with a blank box. With click- to- play, users who wish to view the blocked content need only click the boxes to enable Flash content inside of them (click- to- play also blocks Java applets from loading by default). Windows users who decide to keep Flash installed and/or enabled also should take full advantage of the Enhanced Mitigation Experience Toolkit (EMET), a free tool from Microsoft that can help Windows users beef up the security of third- party applications. Krebs on Security In-depth security. Adobe confirmed that it is working on a patch for the two outstanding zero-day. Find patch jeans at ShopStyle. Wrangler Women's Premium Patch Booty Up. Amp up your rear view with help from Wrangler's Premium Patch jeans, featuring Booty Up. Tags: Adobe Flash Player zero- day, Apple. Insider, CVE- 2. 01. Hacking Team, occupyflash. Shane Cole, trend micro, White House, zero day trifecta. This entry was posted on Monday, July 1. A Little Sunshine, Latest Warnings.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2017
Categories |