Menu
Adobe pushes critical Flash Player update to fix latest zero-day

Adobe pushes critical Flash Player update to fix latest zero-day

Users with automatic updates enabled in Flash Player have already started receiving the new patch

Adobe Systems started pushing a critical Flash Player patch to users who have auto-update enabled over the weekend in order to fix a vulnerability that has been exploited by attackers since last week.

An exploit for the vulnerability has been integrated into the Angler Exploit Kit, a tool used by cybercriminals to launch mass drive-by-download attacks, primarily through malicious ads displayed on legitimate websites.

The vulnerability, tracked as CVE-2015-0311, affects users with Flash Player enabled in Mozilla Firefox and in all versions of Internet Explorer running on Windows 8.1 and earlier. The Flash Player plug-in bundled with Google Chrome also has the vulnerability, but the browser's security sandbox mechanism prevents its exploitation.

"Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24," Adobe said in a security advisory Saturday.

The company also said that it will make the new Flash Player version available for manual download this week. Even though the release hasn't officially been announced yet, the new version is already available on its distribution site.

The update comes after Adobe released another Flash Player version last week to address a different zero-day, or exploited but unpatched, vulnerability. That one was tracked as CVE-2015-0310.

Drive-by-download attacks silently install malware on users' computers when they visit compromised websites or view malicious ads in their browsers. Attackers manage to push malicious ads onto ad networks through a variety of techniques that include impersonating advertisers. Those ads then make it onto large legitimate websites.

Combining malvertising with zero-day exploits results in very powerful and widespread attacks that are hard to defend against. The SANS Institute's Internet Storm Center raised the threat level to yellow because of the ongoing Flash Player attacks.

Users can also protect themselves by enabling the click-to-play feature in browsers which prevents plug-in-based content like Flash from running automatically without the user's consent.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags patch managementmalwarepatchesAdobe SystemsExploits / vulnerabilities

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.​

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments