More on the exploits currently being leveraged by the Bad Guys:
[The Flash vulnerability] "is 'being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below,' Adobe said in a security advisory. A 'drive-by-download' attack is one in which software is downloaded to a user's computer without their knowledge or explicit consent. Note that *no* machine running *any* OS is immune from this, if Flash is installed on it. Besides the ever-vulnerable Windows, Mac OS X and Linux are vulnerable too. Flash, like Windows XP, needs to die. Until it does, just uninstall it and keep a copy of the Google Chrome browser around for occasional use. Better yet, do your Internet media browsing on an iOS or Android device, since Flash is unavailable on those platforms*, forcing websites to use .h264/MPEG-4 encoding for their media. (*Note: Archived copies of old versions of Flash for Android are still available, but only a total idiot would install one of those, right?) —S. http://appleinsider.com/articles/15/01/25/adobe-acknowledges-critical-remote-vulnerability-in-flash-exploits-already-in-the-wild Adobe acknowledges critical remote vulnerability in Flash, exploits already in the wild By AppleInsider Staff <[email protected]> Sunday, January 25, 2015, 01:19 am PT (04:19 am ET) Adobe on Saturday released an updated version of its Flash player software that patches an undisclosed vulnerability which could allow remote attackers to take control of Macs or PCs, urging users to update as the problem is being actively exploited by malicious actors. Flash versions up to and including 16.0.0.287 on OS X and Windows and 11.2.202.438 on Linux are susceptible to the attack, the cause of which has yet to be detailed. Mac users with Adobe's automatic update feature enabled should begin receiving updates to version 16.0.0.296 immediately, and the company is preparing a standalone patch for manual installation to be released this week. Adobe is also working with Google to update the embedded version of Flash included in the Chrome browser. The vulnerability — which has been assigned CVE number 2015-0311 — is "being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below," Adobe said in a security advisory <http://helpx.adobe.com/security/products/flash-player/apsa15-01.html>. A "drive-by-download" attack is one in which software is downloaded to a user's computer without their knowledge or explicit consent. Adobe defines CVE-2015-0311 as "critical," meaning a "vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware." Users can check the version of Flash installed on their system by visiting Adobe's About Flash Player <http://www.adobe.com/products/flash/about/> page or right-clicking on Flash content in their browser and choosing "About Adobe (or Macromedia) Flash Player" from the contextual menu. Instructions for enabling automatic updates or manually updating Flash can be found here <https://forums.adobe.com/thread/1152367>. __._,_.___ ------------------------------ Posted by: "beowulf" <[email protected]> ------------------------------ Visit Your Group <https://groups.yahoo.com/neo/groups/grendelreport/info;_ylc=X3oDMTJmc250NGZtBF9TAzk3MzU5NzE0BGdycElkAzIwMTk0ODA2BGdycHNwSWQDMTcwNTMyMzY2NwRzZWMDdnRsBHNsawN2Z2hwBHN0aW1lAzE0MjIyOTk3MzM-> [image: Yahoo! Groups] <https://groups.yahoo.com/neo;_ylc=X3oDMTJlMWZubjlmBF9TAzk3NDc2NTkwBGdycElkAzIwMTk0ODA2BGdycHNwSWQDMTcwNTMyMzY2NwRzZWMDZnRyBHNsawNnZnAEc3RpbWUDMTQyMjI5OTczMw--> • Privacy <https://info.yahoo.com/privacy/us/yahoo/groups/details.html> • Unsubscribe <[email protected]?subject=Unsubscribe> • Terms of Use <https://info.yahoo.com/legal/us/yahoo/utos/terms/> __,_._,___ -- -- Thanks for being part of "PoliticalForum" at Google Groups. For options & help see http://groups.google.com/group/PoliticalForum * Visit our other community at http://www.PoliticalForum.com/ * It's active and moderated. Register and vote in our polls. * Read the latest breaking news, and more. --- You received this message because you are subscribed to the Google Groups "PoliticalForum" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
