Starting next year, Firefox users who navigate to pages that contain Flash will be asked their consent before activating the plugin. The move, long expected, comes as developers seek to curb usage of Flash in everyday web browsing.
The ScarCruft APT gang has made use of a Flash zero day patched Thursday by Adobe to attack more than two dozen high-profile targets in Russia and Asia primarily.
Adobe is expected to this week patch a Flash Player vulnerability being exploited in targeted attacks.
Adobe pushed out an emergency Flash Player update, patching a zero-day vulnerability. Adobe said a public exploit exists for CVE-2016-4117.
Exploits for an Adobe Flash Player zero day vulnerability have been folded into two exploit kits that are distributing ransomware to infected machines.
Adobe patched its Acrobat, Reader and Digital Editions products today, and said a Flash Player update is due in the “coming days.”
A Silverlight vulnerability patched yesterday by Microsoft could be tied to a Russian hacker who tried to sell a similar zero day to the Hacking Team.
Exploit acquisition company Zerodium announced it would pay up to $100,000 for heap isolation mitigation bypasses against Adobe Flash Player.
Adobe’s announcement that it has retooled—and renamed—Flash is a longterm signal that the vulnerable and fatigued platform is on its last legs.