This is for the 3rd fourth dimension inwards in conclusion few weeks when Adobe is dealing amongst a goose egg 24-hour interval vulnerability inwards Flash Player. The Adobe Flash Player Vulnerability identified every bit CVE-2015-0313, exists inwards the latest version of Flash Player, i.e. version 16.0.0.296 together with earlier.
In like shooting fish in a barrel January, Adobe released an updated version of its Flash player software that patches zero-day vulnerability, tracked every bit CVE-2015-0311, spotted past times French safety researcher Kafeine. This Adobe Flash Player Vulnerability was also beingness actively exploited via Malvertisement together with drive-by-download attacks.
In representative of a "drive-by-download" attack, an assaulter downloads a malicious software to a victim's figurer without their noesis or explicit consent. As a result, the flaw could permit remote attackers to conduct maintain command of victims’ Macs or PCs.
On Jan 22, the society released an emergency update for instant zero-day flaw, identified every bit CVE-2015-0310, that was circulating together with exploited past times Angler malicious toolkit.
In a security advisory released Monday, Adobe officials said that they are working on a piece together with planning to liberate it onetime this week. The Adobe Flash Player zero-day vulnerability targets computers running all versions of Internet Explorer together with Mozilla Firefox, on Windows 8.1 together with earlier. In improver to Windows, the flaw affects Flash on OS X together with Linux.
This newest zero-day vulnerability inwards Flash reportedly is beingness used past times the Angler kit, every bit well. If successfully exploited, the vulnerability could receive a crash together with potentially permit criminal hackers to conduct maintain command of the affected system.
Cybercriminals are currently using this zero-day flaw inwards a malvertising travail on a pop video sharing site Dailymotion, amongst other websites idea to live on affected every bit the infections were launched via advertising platform together with non the website content itself.
Visitors to whatever of the affected sites would conduct maintain been redirected to a serial of websites together with finally landed on a page controlled past times attackers, hosting an exploit kit. This exploit kit would travail to compromise the target organisation past times exploiting the Adobe Flash zero-day flaw.
Security theatre Trend Micro, who reported the zero-day to Adobe, had been tracking this Flash zero-day vulnerability since Jan fourteen together with had been working amongst Adobe to cook the issue.
Trend Micro said it had "seen around 3,294 hits related to the exploit". The theatre is recommending users "consider disabling Flash Player until a fixed version is released".
"We are aware of reports that this vulnerability is beingness actively exploited inwards the wild via drive-by-download attacks against systems running Internet Explorer together with Firefox on Windows 8.1 together with below," Adobe said inwards its ain advisory.
Adobe didn’t specify the 24-hour interval on which the piece would live on released, but said it would liberate a cook for this "critical vulnerability" this week. Users who are concerned most this safety number tin temporarily disable Adobe Flash inwards the browsers.
SECURITY PATCH RELEASES [UPDATE (5/2/2015)]
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh together with Linux inwards society to piece a zero-day vulnerability, identified every bit CVE-2015-0313, that could potentially permit an assaulter to conduct maintain command of the affected system.
The society recommends its users to update their software installations to the latest versions:
SECURITY PATCH RELEASES [UPDATE (5/2/2015)]
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh together with Linux inwards society to piece a zero-day vulnerability, identified every bit CVE-2015-0313, that could potentially permit an assaulter to conduct maintain command of the affected system.
The society recommends its users to update their software installations to the latest versions:
- Users of the Adobe Flash Player desktop versions for Windows together with Macintosh should update to Adobe Flash Player 16.0.0.305
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.269
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.442
- Adobe Flash Player installed amongst Google Chrome, every bit good every bit Internet Explorer on Windows 8.x, volition automatically update to version 16.0.0.305
