Menu
Adobe pushes critical Flash Player update to fix latest zero-day

Adobe pushes critical Flash Player update to fix latest zero-day

Users with automatic updates enabled in Flash Player have already started receiving the new patch

Adobe Systems started pushing a critical Flash Player patch to users who have auto-update enabled over the weekend in order to fix a vulnerability that has been exploited by attackers since last week.

An exploit for the vulnerability has been integrated into the Angler Exploit Kit, a tool used by cybercriminals to launch mass drive-by-download attacks, primarily through malicious ads displayed on legitimate websites.

The vulnerability, tracked as CVE-2015-0311, affects users with Flash Player enabled in Mozilla Firefox and in all versions of Internet Explorer running on Windows 8.1 and earlier. The Flash Player plug-in bundled with Google Chrome also has the vulnerability, but the browser's security sandbox mechanism prevents its exploitation.

"Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24," Adobe said in a security advisory Saturday.

The company also said that it will make the new Flash Player version available for manual download this week. Even though the release hasn't officially been announced yet, the new version is already available on its distribution site.

The update comes after Adobe released another Flash Player version last week to address a different zero-day, or exploited but unpatched, vulnerability. That one was tracked as CVE-2015-0310.

Drive-by-download attacks silently install malware on users' computers when they visit compromised websites or view malicious ads in their browsers. Attackers manage to push malicious ads onto ad networks through a variety of techniques that include impersonating advertisers. Those ads then make it onto large legitimate websites.

Combining malvertising with zero-day exploits results in very powerful and widespread attacks that are hard to defend against. The SANS Institute's Internet Storm Center raised the threat level to yellow because of the ongoing Flash Player attacks.

Users can also protect themselves by enabling the click-to-play feature in browsers which prevents plug-in-based content like Flash from running automatically without the user's consent.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags patch managementmalwarepatchesAdobe SystemsExploits / vulnerabilities

Events

Featured

Slideshows

Channel kicks 2021 into gear as After Hours returns to Auckland

Channel kicks 2021 into gear as After Hours returns to Auckland

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Pantry at Park Hyatt in Auckland to kick-start 2021.

Channel kicks 2021 into gear as After Hours returns to Auckland
The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Show Comments