News

Beware of New Flash Zero-Day CVE-2014-0502

2014-02-27

   Adobe has just updated Flash Player for thesecond time this month, pushing out an emergency patch for an exploit  for CVE-2014-0502 exists in the wild ‍‍


   attack using Adobe Flash 0-day CVE-2014-0502

   The following versions and operating systems are affected:

   Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh

   Adobe Flash Player 11.2.202.336 and earlier versions for Linux

   Adobe AIR 4.0.0.1390 and earlier versions for Android

 

   How can I prevent and mitigate against this attack?
   1 In case you are not sure which version of the Flash Player your system is running, you can download the latest version(version 12.0.0.70) from Adobe’s own site

http://get.adobe.com/flashplayer/

   2 Promptly upgrade your security software and enable the full protection feature

   3 Get rid of XP from your regular office computers (XP doen't support ASLR. This makes it much less safe than the latest Windows versions.)

   4 Make sure you still need Flash, because many websites no longer require Flash ,and then either uninstall it or apply this patch promptly.

 

   Baidu Antivirus customers are protected from this zero-day attack with the following detections:

 

   Baidu Antivirus official site:http://antivirus.baidu.com

   Baidu Antivirus official Facebook:https://www.facebook.com/BaiduAntivirusEN