Menu
Adobe pushes critical Flash Player update to fix latest zero-day

Adobe pushes critical Flash Player update to fix latest zero-day

Users with automatic updates enabled in Flash Player have already started receiving the new patch

Adobe Systems started pushing a critical Flash Player patch to users who have auto-update enabled over the weekend in order to fix a vulnerability that has been exploited by attackers since last week.

An exploit for the vulnerability has been integrated into the Angler Exploit Kit, a tool used by cybercriminals to launch mass drive-by-download attacks, primarily through malicious ads displayed on legitimate websites.

The vulnerability, tracked as CVE-2015-0311, affects users with Flash Player enabled in Mozilla Firefox and in all versions of Internet Explorer running on Windows 8.1 and earlier. The Flash Player plug-in bundled with Google Chrome also has the vulnerability, but the browser's security sandbox mechanism prevents its exploitation.

"Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24," Adobe said in a security advisory Saturday.

The company also said that it will make the new Flash Player version available for manual download this week. Even though the release hasn't officially been announced yet, the new version is already available on its distribution site.

The update comes after Adobe released another Flash Player version last week to address a different zero-day, or exploited but unpatched, vulnerability. That one was tracked as CVE-2015-0310.

Drive-by-download attacks silently install malware on users' computers when they visit compromised websites or view malicious ads in their browsers. Attackers manage to push malicious ads onto ad networks through a variety of techniques that include impersonating advertisers. Those ads then make it onto large legitimate websites.

Combining malvertising with zero-day exploits results in very powerful and widespread attacks that are hard to defend against. The SANS Institute's Internet Storm Center raised the threat level to yellow because of the ongoing Flash Player attacks.

Users can also protect themselves by enabling the click-to-play feature in browsers which prevents plug-in-based content like Flash from running automatically without the user's consent.


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags securitypatch managementmalwarepatchesAdobe SystemsExploits / vulnerabilities

Featured

Slideshows

Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Show Comments