Adobe Flash zero day?

[REDACTED]

There is a zero day exploit in the wild that today's Adobe Flash patch did not address.  Adobe says it will be patched on Monday. 
http://helpx.adobe.com/security/products/flash-player/apsa15-01.html
http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html

In the meanwhile, are Avast users protected?  Symantec says in its preliminary investigation that its heuristic engines catches the exploit. 
http://www.symantec.com/connect/blogs/unconfirmed-zero-day-vulnerability-discovered-adobe-flash-player

edit:  It may not be Monday per se, the Adobe advisory just says Jan 26 week. 

[REDACTED]

I read somewhere that your protected from this zero day if you use Google Chrome and/or Windows 8.1. Can't remember where, but you can look it up.

[Milos]

Hello,
yes, avast detects known samples.

Milos

[midnight]

https://technet.microsoft.com/library/security/2755801

[REDACTED]

https://technet.microsoft.com/library/security/2755801

Thats the flash update on Jan 22.  The one, the one being actively exploited and unpatched is the one in the links. 

"A critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player 16.0.0.287 and earlier versions for Windows, Macintosh and Linux.  Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.  We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8 and below.

Adobe expects to have a patch available for CVE-2015-0311 during the week of January 26. "

http://helpx.adobe.com/security/products/flash-player/apsa15-01.html

"TL:DR  Any version of Internet Explorer or Firefox with any version of Windows will get owned if Flash up to 16.0.0.287 (included) is installed and enabled."

"Safe : - Chrome : They are not firing that bullet "


http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html

The point being absent an AV that can handle the new zero day.  A large majority of computers are vulnerable to.   I use Firefox as a my main browser, I can temporally use Chrome, but it would be nice if we can get any official word from Avast that they have definitions for he new exploit until Adobe can patch flash next week. 

[schmidthouse]

Protected by MBAE https://forums.malwarebytes.org/index.php?/topic/163793-new-flash-0-day-blocked-by-mbae/  and Avast. 

[REDACTED]

Protected by MBAE https://forums.malwarebytes.org/index.php?/topic/163793-new-flash-0-day-blocked-by-mbae/  and Avast. 

I see MBAE, but I don't see any mention anywhere of Avast. 

[schmidthouse]

Protected by MBAE https://forums.malwarebytes.org/index.php?/topic/163793-new-flash-0-day-blocked-by-mbae/  and Avast. 

I see MBAE, but I don't see any mention anywhere of Avast.

Yes, I was referring to Milos comment Post #2 

[REDACTED]

I see I didn't see the Avast team tag next to his post reading from my small phone screen.  Yep, that is excellent news. 

With that settled, it is a bit disconcerting that all version of IE and Firefox were vulnerable given that the various sandboxes.  IE 10,11 in Windows 8 has its own flash wrapped around its protected mode sandbox, and Adobe sandboxed Flash for Firefox on Vista and up.  So in addition to patching Flash, I assume IE has an exploit they need to patch. 

I know sandbox aren't the end all, but it seems the hackers did in the IE and Adobe sandboxes at the same time. 

[midnight]

https://technet.microsoft.com/library/security/2755801

Thats the flash update on Jan 22.  The one, the one being actively exploited and unpatched is the one in the links. 

"A critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player 16.0.0.287 and earlier versions for Windows, Macintosh and Linux.  Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.  We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8 and below.

Adobe expects to have a patch available for CVE-2015-0311 during the week of January 26. "

http://helpx.adobe.com/security/products/flash-player/apsa15-01.html

"TL:DR  Any version of Internet Explorer or Firefox with any version of Windows will get owned if Flash up to 16.0.0.287 (included) is installed and enabled."

"Safe : - Chrome : They are not firing that bullet "


http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html

The point being absent an AV that can handle the new zero day.  A large majority of computers are vulnerable to.   I use Firefox as a my main browser, I can temporally use Chrome, but it would be nice if we can get any official word from Avast that they have definitions for he new exploit until Adobe can patch flash next week. 

Should I uninstall the update?

[REDACTED]

No, it patches another critical flaw. 

[Rednose]

In Firefox use NoScript https://noscript.net/ and only allow Flash from websites you really trust

Greetz, Red.