[German]A warning to people who are currently checking the Internet for updates to Adobe Flash Player. There are apparently already fake sites that try to push malware onto the user’s systems.
There is a zero-day vulnerability in Adobe Flash Player CVE-2018-4878. After a warning from the Korean CERT, that the Zero Day vulnerability is being exploited, Adobe has also released a Security Advisory. Details can be found in my blog post New Adobe Flash Zero-Day exploit in the wild.
Adobe had announced an update of the Flash Player version 22.214.171.124.161 for February 5, 2018. An update is being rolled out (see my blog post Adobe Flash Player: New Update 126.96.36.199). Within this article I pointed out, how to obtain the Flash Player update from Adobe.
Fake-Sites offering Malware
According to a report at Bleeping Computer, there are first fake sites that try to push a Flash Player installer with PUPs onto the user systems. Lawrence Abrams from Bleeping Computer visited such a website. During visit of the Fake ‘Adobe Flash Player Update page’ a popup appears. The popup contains a message, that the Flash Player is outdated and needs to be updated. If the user accepts to install the Flash Player, the browser downloads a file java-player.exe and installs a crypto miner. Go to my blog post Adobe Flash Player: New Update 188.8.131.52 and use the links within my article to obtain the updates from Adobe.
New Adobe Flash Zero-Day exploit in the wild
How to disable Adobe Flash Player in Windows 8, 8.1, 10
Adobe Flash Player: New Update 184.108.40.206
Adobe Flash Player version 220.127.116.11 released
Cookies helps to fund this blog: Cookie settings