It is the third time in a few weeks that the security of Adobe users is menaced by a zero-day in Flash that affects Windows, Linux and OS X systems.
The company is already working to provide a patch as soon as possible, the company wants to fix the vulnerability that according to the experts is being exploited in drive-by download attacks.
On Monday, Adobe has released a security advisory warning users that threat actors are exploiting a new vulnerability in Flash and announced that they’re planning to release a patch for the zero-day already this week. The vulnerability affects Flash on Windows, OS X and Linux. Also in this case the exploitation of the flaw could allow an attacker to take control of the targeted system.
“A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 184.108.40.2066 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below,” reports the advisory published by Adobe.
At the end of January, the French security researcher Kafeine discovered an unpatched vulnerability (0day) in Flash Player was being exploited by Angler Exploit Kit. A few days later, the experts discovered a second zero-day vulnerability in Adobe Flash.
Adobe promptly released the security patches for both zero-day vulnerabilities. Also in this case, the zero-day in Flash reportedly is being used by the infamous Angler kit.
(Security Affairs – Flash zero-dat, Angler kit)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.