TrendLabs researchers have discovered that attackers found this vulnerability first and have been taking advantage of it for some time, a situation called "zero-day” because defenders have no days in which to provide protection against the vulnerability.
According to Trend Micro, malware that takes advantage of this vulnerability is being spread using malicious banner ads (malvertisements) that may be displayed on legitimate networks. This particular vulnerability is also being used in the “Angler” exploit kit, which is one of the most commonly used exploit kits today and which can spread attacks widely.
Trend Micro advises businesses to:
Trend Micro advises businesses to:
· Keep systems and programs up-to-date
· Run a mature, full-featured security package
In zero-day situations the first step will only come into effect once Adobe releases a patch. In the absence of a bulletin from the software vendor affected, Trend Micro advises disabling the software until a fix is released.
Trend Micro's existing solutions are able to detect this threat, but the company also recommends that businesses keep themselves protected with an end-to-end advanced persistent threat (APT) solution.
Read Trend Micro's blog post on the vulnerability here.
