New Zero-Day Exploit Targets Adobe Flash Player


A new zero-day vulnerability in Adobe Flash Player being exploited in limited, targeted attacks has been spotted, according to a blog post by Symantec.

The critical vulnerability affects Adobe Flash Player 21.0.0.242 and earlier versions for the following operating systems:

Windows
Mac OS X
Linux
Chrome OS

The zero-day (CVE-2016-4171) is due to be patched today (16 June) as part of Adobe’s monthly security update.

Flash Player users are advised to immediately update to the latest version once it is available. Since this vulnerability is already being exploited in the wild, users should make updating this software a priority.

With the number of zero-day exploits being discovered continuing to rise, the efforts of hackers trying to profit from these types of attacks show no signs of letting up anytime soon.

According to findings in Symantec’s 2016 Internet Security Threat Report, zero-days rose by a staggering 125% last year, meaning a new vulnerability was discovered every week (on average). This highlights that zero-day attacks are now one of the most common go-to techniques that cyber-criminals use in their malicious activities.

“Zero-day exploits are VERY profitable,” Luis Corrons, PandaLabs Technical Director at Panda Security, told Infosecurity. “This is because during the window of time in which the vulnerability is being exploited and a patch is released, and then applied, anyone exposed to it will be compromised.”

However, there are a number of security measures that can be taken to reduce the risk of being hit by zero-days, such as never installing unnecessary software and making sure any software you do have is fully updated, Corrons said.

“The best approach is to use security services that include anti-exploit technologies and that monitor all processes running in the computers, so as long as a trustable process starts behaving strangely, it can be noticed and blocked in time,” he added.
