Adobe Says Fix for Latest Flash Player Zero-Day Vulnerability Due Soon

Adobe on Monday issued a security warning for the third zero-day vulnerability in its Shockwave Flash Player within a month. The vulnerability can cause crashes and may also allow attackers to take control of the affected system.

The company said that it is aware of the situation and will release a patch this week. Adobe classifies this vulnerability as 'critical' and noted that the Flash Player and earlier versions for Windows and Macintosh, Flash Player and earlier 13.x versions, and Flash Player and earlier versions for Linux are affected by the vulnerability. The vulnerability has been listed as CVE-2015-0313 in the Common Vulnerabilities and Exposures database.

Adobe acknowledged Microsoft researchers and TrendMicro for reporting the bug, and pointed to a link on the latter's site that suggests the bug is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.

"A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system," the company noted in its Security Bulletin on Monday.

TrendMicro noted that the team had monitored this attack since January 14 and the initial analysis suggests that "this might have been executed through the use of the Angler Exploit Kit, due to similarities in obfuscation techniques and infection chains."

"According to our data, visitors of the popular site were redirected to a series of sites that eventually led to the URL hxxp://, where the exploit itself was hosted," notes the report.

Notably, the infection happens automatically, and since advertisements on Dailymotion are designed to be loaded by the advertising website, it is likely that this infection was not limited to the Dailymotion website alone. TrendMicro has so far seen around 3,294 hits related to the exploit, and advises users to disable the affected versions of Flash Player until a fixed version is released.

Adobe in the past few weeks also released (via Computerworld) Flash Player updates (Flash Player and to fix two other critical zero-day vulnerabilities that were already being exploited for malvertising. The two vulnerabilities, CVE-2015-0310 and CVE-2015-0311, were also found to be integrated into the Angler Exploit Kit.

© Copyright Red Pixels Ventures Limited 2023. All rights reserved.