Adobe Says Fix for Latest Flash Player Zero-Day Vulnerability Due Soon

Advertisement
By Hitesh Arora | Updated: 3 February 2015 17:10 IST
Adobe Says Fix for Latest Flash Player Zero-Day Vulnerability Due Soon
Adobe on Monday issued a security warning for the third zero-day vulnerability in its Shockwave Flash Player within a month. The vulnerability can possibly cause crashes and allow attackers to take control of the affected system as well.

The company said that it is aware of the situation and will release a patch during this week. Adobe classifies this vulnerability as 'critical' and noted that the Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh, Flash Player 13.0.0.264 and earlier 13.x versions, and Flash Player 11.2.202.440 and earlier versions for Linux are affected by the vulnerability. The vulnerability has been listed as CVE-2015-0313 in the Common Vulnerabilities and Exposures database.

Adobe acknowledged Microsoft researchers and TrendMicro for the reporting the bug, and points to a link on the latter's site that suggests the bug is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.

"A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system," noted company in Security Bulletin on Monday.

TrendMicro noted that the team had monitored this attack since January 14 and the initial analysis suggests that "this might have been executed through the use of the Angler Exploit Kit, due to similarities in obfuscation techniques and infection chains."

Advertisement

"According to our data, visitors of the popular site dailymotion.com were redirected to a series of sites that eventually led to the URL hxxp://www.retilio.com/skillt.swf, where the exploit itself was hosted," notes the report.

Notably, the infection happens automatically, and since advertisements on Dailymotion are designed to get loaded by the advertising website, it is likely that this infection was not limited to the Dailymotion website alone. TrendMicro has so far seen around 3,294 hits related to the exploit, and advise users to disable the affected versions of Flash Players until a fixed version is released.

Advertisement

Adobe in the past few weeks also released (via Computerworld) Flash Player updates (Flash Player 16.0.0.287 and 16.0.0.296) to fix two other critical zero-day vulnerabilities that were already being exploited for malvertising. The two vulnerabilities, CVE-2015-0310 and CVE-2015-0311, were also found to be integrated into the Angler Exploit Kit.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. OnePlus 13s Launched in India: Know Price, Specifications and More
  2. OnePlus 13s Review
  3. Poco F7 Launch Timeline, Key Specifications Leaked Ahead of Debut
  4. Best Smartphones Under Rs 25,000 in India: Check List
  5. OpenAI's ChatGPT Now Has a Record Mode and Can Connect to Gmail, Outlook
  6. Stolen Now Streaming on Amazon Prime Video: What You Need to Know
  7. 007 First Light, IO Interactive's James Bond Origin Story Game, Revealed
  8. Meta Explains Tech Behind Its Aria Gen 2 Glasses
  1. OnePlus Pad 3 With Snapdragon 8 Elite SoC, 12,140mAh Battery Launched in India: Specifications
  2. Nintendo Switch 2 Launches With 7.9-Inch LCD Display, Joy-Con 2 Controllers
  3. Pixel 10 Series Colour Options Tipped; Google Could Drop Iconic Hues
  4. Tecno Pova Curve 5G Goes on Sale in India for the First Time Today: Price, Sale Offers, Specifications
  5. OpenAI Brings ChatGPT Record Mode on MacOS, Adds Tool to Connect to Gmail and Outlook
  6. Truecaller Crosses 3 Million Paying Subscribers Globally; 16 Percent Growth in iOS Users
  7. Android 16 QPR1 Beta 1.1 With Bug Fixes Rolling Out for Pixel Devices: All Details
  8. One of Them Days Now Available on Netflix: Everything You Need to Know
  9. Our Fault OTT Release Date: When and Where to Watch Final Chapter of Culpables Online?
  10. Stolen Now Streaming on Amazon Prime Video: What You Need to Know About its Cast, Plot, and more
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.