Emergency Adobe Flash Patch Fixes Zero-Day Under Attack

msm1267 writes: Adobe has released an emergency patch for a Flash zero-day used in targeted attacks by APT3, the same group behind 2014's Clandestine Fox attacks. Adobe said Flash Player 18.0.0.161 and earlier for Windows and Macintosh systems are affected, as is 11.2.202.466 for Linux 11.x versions.

The current iteration of Clandestine Fox attacks shares many traits with last year's attacks, including generic, almost spam-like phishing emails intent on snaring as many victims as possible that can be analyzed for their value before additional attacks are carried out. The two campaigns also share the same custom backdoor called SHOTPUT, as well as an insistence on using a throwaway command and control infrastructure.

disable flash!

[Gravis+Zero]

i said it before and i'll say it again.

there are very few reasons to keep flash installed/enabled. if you must have it, use flashblock but chances are you can just disable/remove it completely. if some site still uses flash to play video, leave a complaint in the comments. those that haven't switched to html5 yet will do so soon enough.

if you still have java plugin installed, you better have a good reason because no (sane) sites use that shit.

Re:Simpler fix: uninstall

[ShaunC]

Youtube uses HTML5 now. Why does anyone still have a reason to use flash?

Most functionally useful weather radars, including NOAA's, require Flash. My state's Department of Transportation uses Flash for their traffic cameras. Livestream.com, which hosts my local TV news broadcasts along with other stuff like SpaceX launches, is still Flash. And if I want to view any cable TV programming on the computer, Comcast's player is Flash based.

I'd love to have uninstalled Flash a long time ago; for the time being I have to keep it around and use Flashblock.