Hackers target third new zero-day for Adobe Flash

Patch promised this week.

Security researchers have advised users of Adobe's Flash Player to disable the software temporarily, as yet another remotely exploitable vulnerability is being actively attacked by would-be hackers.

The bug has the potential to allow attackers to take full control of users' computers without their interaction.

The recently released Flash Player version 16.0.0.296 for Microsoft Windows and Apple OS X is affected by CVE-2015-0313, which Adobe rates as critical. Versions 13.0.0.264 and earlier are also vulnerable, along with Flash Player 11.2.202.440 and earlier for Linux.

Security vendor Trend Micro is credited with discovering the new zero-day vulnerability alongside two Microsoft researchers.

The company said CVE-2015-0313 is being actively exploited in drive-by attacks delivered via malicious advertisements, believed to have been executed through the Angler Exploit Kit.

"Malvertisements" on popular websites redirect visitors to a series of other sites, finally landing at a Russian-registered domain that attempts to deliver the payload that executes the exploit.

Trend Micro said it has already counted over 3000 hits related to CVE-2015-0313, suggesting the vulnerability is being widely used by attackers.

Neither the security vendor nor Adobe has yet published a full analysis of the new zero-day, which is the third to strike the popular Flash Player software in a month.

Copyright © iTnews.com.au. All rights reserved.