PATCH FOR FIRST ZERO-DAY
On Thursday, the companionship released an emergency update for i of the critical vulnerabilities inward Flash Player. However, the flaw was non the i that safety researcher Kafeine reported. Adobe focused on or too then other zero-day, identified every bit CVE-2015-0310, that was also exploited past times Angler malicious toolkit.
PATCH FOR SECOND ZERO-DAY
Today, Adobe released an updated version of its Flash instrumentalist software that patches a zero-day vulnerability, tracked every bit CVE-2015-0311, spotted past times French safety researcher Kafeine at the start of the week.
The vulnerability is "being actively exploited inward the wild via drive-by-download attacks against systems running Internet Explorer too Firefox on Windows 8.1 too below," Adobe said inward a safety advisory. The companionship defines CVE-2015-0311 as "critical," which way that "the vulnerability, which, if exploited would permit malicious native-code to execute, potentially without a user beingness aware."
DRIVE-BY-DOWNLOAD ATTACKS
In instance of a "drive-by-download" attack, an assailant downloads a malicious software to a victim's figurer without their cognition or explicit consent. As a result, the flaw could permit remote attackers to induce got command of victims’ Macs or PCs.
According to the tests carried out past times the safety researcher, CVE-2015-0311 affected all versions of Flash Player included inward whatever version of Windows operating system, whatever version of Internet Explorer (IE) too Mozilla Firefox every bit well. However, the Google Chrome users were rubber every bit the exploit was non triggered on Chrome.
AFFECTED SOFTWARE VERSIONS
- Adobe Flash Player 16.0.0.287 too before versions for Windows too Macintosh
- Adobe Flash Player 13.0.0.262 too before 13.x versions
- Adobe Flash Player 11.2.202.438 too before versions for Linux
Due to the actively exploitation of the zero-day flaw past times malicious actors, the companionship is urging Adobe Flash Player users to update their software every bit before long every bit possible.
Adobe updated its safety advisory on Sabbatum too stated, "Users who induce got enabled auto-update for the Flash Player desktop runtime volition last receiving version 16.0.0.296 start on Jan 24. This version includes a laid upwardly for CVE-2015-0311. Adobe expects to induce got an update available for manual download during the calendar week of Jan 26, too nosotros are working amongst our distribution partners to brand the update available inward Google Chrome too Internet Explorer 10 too 11. For to a greater extent than data on updating Flash Player delight mention to this post."
Despite seat out of safety problems inward its software, Adobe has improved the safety of its products inward recent year, too nosotros actually appreciate for its quick reply too administration to curlicue a piece before the companionship scheduled to deliver it.
