Adobe releases third unscheduled Flash security update

Software giant forced to act following discovery of flaw affecting video sharing site Dailymotion

Adobe Flash

Adobe has released its third Flash unscheduled security update this year, after video sharing site Dailymotion found an advert that redirected to an attacker-controlled page that could be used to take control of a user's system.

Adobe said in its alert: "A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below."

Paul Ducklin wrote on the Sophos blog: "This script tries to guess which vulnerabilities are most likely to work on your computer, based on browser version, available plugins, and other settings, and then lets rip one-by-one with specific exploits," until nothing happens, the browser crashes or one of the exploits succeeds and your computer has been taken over.

The zero-day exploit has been patched, but Adobe doesn't anticipate completely fixing the vulnerability until later this week.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Peter Pi, threat analyst at Trend Micro, said: "We've seen around 3,294 hits related to the exploit and, with an attack already seen in the wild, it's likely there are other attacks leveraging this zero-day, posing a great risk of compromise to unprotected systems."

Meanwhile, Adobe commented in a statement: "We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below."

Last week, YouTube announced it has started to implement HTML5 by default in browsers to play videos rather than Flash because it said Flash couldn't support Adaptive Bitrate (ABR), which cuts down on buffering without compromising video quality.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/infrastructure/server-storage/354508/synology-flashstation-fs3400-same-old-same-old
Server & storage

Synology FlashStation FS3400: Same old, same old

9 Jan 2020
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/business-strategy/34599/adobe-shuts-down-service-to-venezuela
Business strategy

Adobe shuts down service to Venezuela

9 Oct 2019

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020