A third critical zero-day vulnerability affects Adobe Flash Player 184.108.40.2066 and earlier versions for Windows, Linux and Mac.
It is the third time in a few weeks that the security of Adobe users is menaced by a zero-day in Flash that affects Windows, Linux and OS X systems.
The company is already working to provide a patch as soon as possible, the company wants to fix the vulnerability that according to the experts is being exploited in drive-by download attacks.
On Monday, Adobe has released a security advisory warning users that threat actors are exploiting a new vulnerability in Flash and announced that they’re planning to release a patch for the zero-day already this week. The vulnerability affects Flash on Windows, OS X and Linux. Also in this case the exploitation of the flaw could allow an attacker to take control of the targeted system.
“A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 220.127.116.116 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below,” reports the advisory published by Adobe.
At the end of January, the French security researcher Kafeine discovered an unpatched vulnerability (0day) in Flash Player was being exploited by Angler Exploit Kit. A few days later, the experts discovered a second zero-day vulnerability in Adobe Flash.
Adobe promptly released the security patches for both zero-day vulnerabilities. Also in this case, the zero-day in Flash reportedly is being used by the infamous Angler kit.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.