Menu
Adobe pushes critical Flash Player update to fix latest zero-day

Adobe pushes critical Flash Player update to fix latest zero-day

Users with automatic updates enabled in Flash Player have already started receiving the new patch

Adobe Systems started pushing a critical Flash Player patch to users who have auto-update enabled over the weekend in order to fix a vulnerability that has been exploited by attackers since last week.

An exploit for the vulnerability has been integrated into the Angler Exploit Kit, a tool used by cybercriminals to launch mass drive-by-download attacks, primarily through malicious ads displayed on legitimate websites.

The vulnerability, tracked as CVE-2015-0311, affects users with Flash Player enabled in Mozilla Firefox and in all versions of Internet Explorer running on Windows 8.1 and earlier. The Flash Player plug-in bundled with Google Chrome also has the vulnerability, but the browser's security sandbox mechanism prevents its exploitation.

"Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24," Adobe said in a security advisory Saturday.

The company also said that it will make the new Flash Player version available for manual download this week. Even though the release hasn't officially been announced yet, the new version is already available on its distribution site.

The update comes after Adobe released another Flash Player version last week to address a different zero-day, or exploited but unpatched, vulnerability. That one was tracked as CVE-2015-0310.

Drive-by-download attacks silently install malware on users' computers when they visit compromised websites or view malicious ads in their browsers. Attackers manage to push malicious ads onto ad networks through a variety of techniques that include impersonating advertisers. Those ads then make it onto large legitimate websites.

Combining malvertising with zero-day exploits results in very powerful and widespread attacks that are hard to defend against. The SANS Institute's Internet Storm Center raised the threat level to yellow because of the ongoing Flash Player attacks.

Users can also protect themselves by enabling the click-to-play feature in browsers which prevents plug-in-based content like Flash from running automatically without the user's consent.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags patchessecurityAdobe Systemspatch managementExploits / vulnerabilitiesmalware

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments