Page 1 of 1

Patch or ditch Adobe Flash

PostPosted: Tue Apr 10, 2018 3:59 am
by DaFoxx
Patch or ditch Adobe Flash: Exploit on sale, booby-trapped Office docs spotted in the wild

https://www.theregister.co.uk/2018/04/0 ... t_builder/

In case you needed another reason not to open Adobe Flash or Microsoft Office files from untrusted sources: ThreadKit, an app for building documents that infect vulnerable PCs with malware when opened, now targets a recently patched Flash security bug.

This means less-than-expert hackers can use ThreadKit to craft booby-trapped Office files, and fling them at victims in emails or downloads, so that when they are viewed on unpatched systems, malicious code within the files is executed via the Flash security hole.

Exploit code samples started showing up in the wild a few days ago.

Adobe issued a patch for CVE-2018-4878 in February, warning that an exploit for the vulnerability was circulating via Microsoft Office documents with embedded malicious Flash content

Since the exploit was folded into ThreadKit, examples of fiendish files leverage this latest Flash bug began appearing in antivirus engines.

Re: Patch or ditch Adobe Flash

PostPosted: Sun Apr 15, 2018 12:13 am
by rapier57
Ditch it. And ditch Java Runtime, as well, if you can.

I've been running without Adobe Flash for some years now and not missing it at all. Of course, I no longer use Windows. Not even in a virtual. I took Java Runtime off my Mac some time ago, as well.

If you run current browsers and OS's, you don't need Adobe Flash since HTML5 renders most video just fine. Java Runtime is problematic in that is allows someone to drop executables to your system and run them. One family member is addicted to Pogo Games. Some of those still require JR to be installed, but Adobe Flash is embedded into IE and Edge, now.