An independent security researcher, known as Kafeine, has discovered a zero-day vulnerability in Flash Player, a week after Adobe issued a patch to fix nine vulnerabilities within the multimedia software.
Kafeine warns that the zero-day flaw has already been incorporated into the Angler EK exploit, a notorious malware attack kit.
Unpatched vulnerability in Flash Player is being exploited by Angler EK http://t.co/vDsiLVwJz5 pic.twitter.com/vRRXL4jpgP
— Kafeine (@kafeine) January 21, 2015
“Disabling Flash player for some days might be a good idea,”Kafeine then advises in a blog post.
Angler EK can give hackers access to your PC, allowing them to install Trojans, keystroke loggers, and other malware on to your system.
Security software provider Malwarebytes considers Angler EK to be one of the most widely-used malware packages, and acknowledges that Flash’s history of vulnerabilities makes it a popular target. “Flash has been plagued with critical vulnerabilities in the past few months and surpassed the no longer popular Java as the most exploited plugin,” Jérôme Segura, senior security researcher at Malwarebytes, said.
Until this latest vulnerability is patched by Adobe, it might be prudent to follow Kafeine’s advice and disable Flash for the time being.
Source: Computing
