Following the news that Adobe is expected to release a patch for CVE-2016-4171, Tod Beardsley, Security Research Manager at Rapid7 commented below.
Tod Beardsley, Security Research Manager at Rapid7:
Adobe is expected to release a patch for CVE-2016-4171, which fixes a critical vulnerability in Flash 21.0.0.242 that Kaspersky reports is being used in active, targeted campaigns. Generally speaking, these sorts of pre-patch, zero day exploits don’t see a lot of widespread use; they’re too valuable to burn on random acts of hacking. So, customers shouldn’t be any more worried about their Flash installation base today than they were yesterday.
The positive effect of this announcement is the fact that it gives us a chance to remind people that Flash remains a very popular vector for client side attacks. In fact, I said as much almost a year ago.
Since then, many organisations have taken defensive steps to ensure that Flash is has the same click-to-play protections as Java in their desktop space, so those enterprises are in a better position to defend against this and the next Adobe Flash exploit.
Our products teams here at Rapid7 are alert to this news, and will be working up solutions in Nexpose and Metasploit to cover this vulnerability, and our blog will be updated when those checks and modules are available.
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Recent Comments
Chat systems such as Slack and Teams need to be…
“This is a sophisticated phishing scam that will catch out…
“Cybersecurity is increasingly complex, in part, due to the interconnected…
“Unfortunately, time and time again we see NGOs, hospitals and…
As I have always said - it is verified trust…