Following the news that Adobe is expected to release a patch for CVE-2016-4171, Tod Beardsley, Security Research Manager at Rapid7, commented below.
Tod Beardsley, Security Research Manager at Rapid7:
Adobe is expected to release a patch for CVE-2016-4171, which fixes a critical vulnerability in Flash 21.0.0.242 that Kaspersky reports is being used in active, targeted campaigns. Generally speaking, these sorts of pre-patch, zero day exploits don’t see a lot of widespread use; they’re too valuable to burn on random acts of hacking. So, customers shouldn’t be any more worried about their Flash installation base today than they were yesterday.
The positive effect of this announcement is the fact that it gives us a chance to remind people that Flash remains a very popular vector for client side attacks. In fact, I said as much almost a year ago.
Since then, many organisations have taken defensive steps to ensure that Flash has the same click-to-play protections as Java in their desktop space, so those enterprises are in a better position to defend against this and the next Adobe Flash exploit.
Our products teams here at Rapid7 are alert to this news, and will be working up solutions in Nexpose and Metasploit to cover this vulnerability, and our blog will be updated when those checks and modules are available.