It appears that for at least one day, Skype has served malicious ads, which in turn pushed a fake Flash Player update onto users. The malicious ads came to light after Reddit and Twitter users complained about Skype forcing a Flash Player update down their throat.
In an era of the Internet when most browser vendors are taking steps to migrate away from Flash and all security experts recommend you blast that piece of insecure junk off your computer, the nice people at FedEx are giving you a $5 promo code to (re)install or reactivate it in your browser.
As everyone kind of expected, Google Chrome, the world's leading browser with a comfortable market share of above 50%, is also the most installed software package.
Today Microsoft released the MS17-005 Security Update for Adobe Flash Player (4010250), which patches a remote code execution vulnerability in Adobe Flash Player. This update resolves the same vulnerabilities patched by Adobe on February 14th in their APSB17-04 update.
It is unbelievable that almost five years after Adobe announced it would stop developing Flash Player for Android, users are still installing a non-existent piece of software, which in almost all cases is just malware in disguise.
Adobe has released updates for Adobe Flash Player, Digital Editions, & Campaign that fix a total of 24 security vulnerabilities, with half of them being in Adobe Flash Player. As many of these vulnerabilities are rated as Critical, it is strongly advised that anyone using these products immediately update them to the latest version.
Starting with March 7, when Mozilla is scheduled to release Firefox 52, all plugins built on the old NPAPI technology will stop working in Firefox, except for Flash, which Mozilla plans to support for a few more versions.
Google has made a few changes to recent Chrome versions that most users are bound to disagree with since it takes away some of their control over the browser.
Adobe has released updates for Adobe Acrobat, Reader, and Flash that resolve a total of 42 security vulnerabilities. As many of these vulnerabilities are rated as Critical, it is strongly advised that anyone using these products immediately update them to the latest version.
Adobe released today Flash Player 24 for Linux, after previously abandoning the application without explanation in 2012. Flash Player for Linux is now on par with Windows and Mac releases on version 24, after spending the last few years stuck at version 11.2 and only receiving small patches and security fixes, but no new features.
In yesterday's monthly security patch, Adobe fixed a bug in Flash Player that would have allowed an attacker to hijack permissions granted to other Flash applets and spy on users via their camera or microphone
Microsoft is following in the footsteps of other browser makers such as Apple, Google, and Mozilla, and says that upcoming Edge browser versions will favor HTML5 over Flash by default.
Adobe released security updates for Adobe Animate, Adobe Flash Player, Adobe Experience Manager Forms, Adobe DNG Converter, Adobe Experience Manager, Adobe Adobe Adobe Digital Editions, and Adobe Robohelp. ColdFusion Builder, InDesign, Manager, that resolve 30 security vulnerabilities.
For the past two months, a new exploit kit has been serving malicious code hidden in the pixels of banner ads via a malvertising campaign that has been active on several high profile websites.
Very busy ransomware week. We have two new ransomware infections being pushed out by exploit kits, some decryptors, and lots of small variants being released. The big news is the release of the master decryption keys for the CrySiS ransomware and Kaspersky's Rakhnidecryptor being updated to use them.
Fake Flash Player update sites have long been a favorite distribution method for adware and other unwanted programs. Today, a fake Flash update site was discovered by ExecuteMalware that is pushing the Locky ransomware.
Today, Adobe released security updates for Adobe Flash Player and Adobe Connect that fix a total of ten vulnerabilities. The Adobe Connect update resolves a cross-site scripting (XSS) vulnerability, while the Flash Player updates resolves 9 critical vulnerabilities that could lead to remote code execution.
Adobe has released an emergency update for Adobe Flash Player that resolves a critical vulnerability that is actively being abused to execute commands on vulnerable computers. According to Adobe Security Bulletin APSB16-36, Adobe has become aware of a report that an exploit for CVE-2016-7855 is actively being used in targeted attacks
Today, Adobe released security updates for Adobe Flash Player, Adobe Acrobat and Reader, and Creative Cloud Desktop. When you combine the vulnerabilities patched for the three products, there are 84 exploits fixed, with many of them being labeled as Critical, because they allow code execution.