Adobe Says Fix for Latest Flash Player Zero-Day Vulnerability Due Soon

Advertisement
By Hitesh Arora | Updated: 3 February 2015 17:10 IST
Adobe Says Fix for Latest Flash Player Zero-Day Vulnerability Due Soon
Adobe on Monday issued a security warning for the third zero-day vulnerability in its Shockwave Flash Player within a month. The vulnerability can possibly cause crashes and allow attackers to take control of the affected system as well.

The company said that it is aware of the situation and will release a patch during this week. Adobe classifies this vulnerability as 'critical' and noted that the Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh, Flash Player 13.0.0.264 and earlier 13.x versions, and Flash Player 11.2.202.440 and earlier versions for Linux are affected by the vulnerability. The vulnerability has been listed as CVE-2015-0313 in the Common Vulnerabilities and Exposures database.

Adobe acknowledged Microsoft researchers and TrendMicro for the reporting the bug, and points to a link on the latter's site that suggests the bug is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.

"A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system," noted company in Security Bulletin on Monday.

TrendMicro noted that the team had monitored this attack since January 14 and the initial analysis suggests that "this might have been executed through the use of the Angler Exploit Kit, due to similarities in obfuscation techniques and infection chains."

Advertisement

"According to our data, visitors of the popular site dailymotion.com were redirected to a series of sites that eventually led to the URL hxxp://www.retilio.com/skillt.swf, where the exploit itself was hosted," notes the report.

Notably, the infection happens automatically, and since advertisements on Dailymotion are designed to get loaded by the advertising website, it is likely that this infection was not limited to the Dailymotion website alone. TrendMicro has so far seen around 3,294 hits related to the exploit, and advise users to disable the affected versions of Flash Players until a fixed version is released.

Advertisement

Adobe in the past few weeks also released (via Computerworld) Flash Player updates (Flash Player 16.0.0.287 and 16.0.0.296) to fix two other critical zero-day vulnerabilities that were already being exploited for malvertising. The two vulnerabilities, CVE-2015-0310 and CVE-2015-0311, were also found to be integrated into the Angler Exploit Kit.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. Oppo Reno 14 5G, Reno 14 Pro 5G India Launch Timeline Leaked
  2. iQOO Z10 Lite 5G With 6,000mAh Battery Launched in India: Price, Features
  3. Redmi Pad 2 With 11-Inch 2.5K Display, 9,000mAh Battery Launched in India
  4. Vivo X200 FE Launch Date, Colours, and Design Revealed Ahead of Launch
  5. Apple Back to School Offer Brings Discounts on iPad Air, Other Products
  6. Infinix Note 50s 5G+ Gets a New RAM and Storage Option in India: See Price
  7. Nothing Headphone 1 Price, Colour Options Leaked Ahead of Launch
  8. Government Announces FASTag-Based Annual Pass for Highway Commutes
  9. Pixel 10, Pixel 10 Pro Alleged Case Hint at Design Changes
  1. Warner Bros. Games Restructures to Focus on Harry Potter, Game of Thrones, Mortal Kombat and DC Franchises
  2. Google Pixel 10, Pixel 10 Pro Alleged Case Suggests Minor Design Changes From Predecessors
  3. Oppo Reno 14 5G, Reno 14 Pro 5G India Launch Timeline Leaked
  4. Nothing Phone 3 to Offer Longer Android and Security Update Support Than Its Predecessor
  5. Boat Wave Fortune Smartwatch With NFC Tap & Pay Feature, Bluetooth Calling Launched in India
  6. Government Announces FASTag-Based Annual Pass for Highway Commutes Priced at Rs. 3,000: See Benefits
  7. Adobe Firefly App for Android and iOS Announced, Offers AI-Powered Image and Video Tools
  8. Axiom-4 Mission Carrying Shubhanshu Shukla to International Space Station Postponed to June 22
  9. Bungie Delays Marathon, Says Will Reveal New Release Date This Fall
  10. Vivo T4 Ultra Now Available for Purchase in India: See Price, Offers, Specifications
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.