23 January 2015

Trend Micro announces zero day vulnerability for Adobe Flash Player on Windows

Trend Micro has shared a new vulnerability affecting Adobe Flash Player for Windows that allows hackers to take over a victim's system. There is no indication that attackers are targeting Adobe Flash Player on other platforms like Mac or Android, the company added. 

TrendLabs researchers have discovered that attackers found this vulnerability first and have been taking advantage of it for some time, a situation called "zero-day” because defenders have no days in which to provide protection against the vulnerability. 

According to Trend Micro, malware that takes advantage of this vulnerability is being spread using malicious banner ads (malvertisements) that may be displayed on legitimate networks. This particular vulnerability is also being used in the “Angler” exploit kit, which is one of the most commonly used exploit kits today and which can spread attacks widely.

Trend Micro advises businesses to:

· Keep systems and programs up-to-date
· Run a mature, full-featured security package

In zero-day situations the first step will only come into effect once Adobe releases a patch. In the absence of a bulletin from the software vendor affected, Trend Micro advises disabling the software until a fix is released.

Trend Micro's 
existing solutions are able to detect this threat, but the company also recommends that businesses keep themselves protected with an end-to-end advanced persistent threat (APT) solution. 

Read Trend Micro's blog post on the vulnerability here.