Adobe releases third unscheduled Flash security update

Software giant forced to act following discovery of flaw affecting video sharing site Dailymotion

Adobe Flash

Adobe has released its third Flash unscheduled security update this year, after video sharing site Dailymotion found an advert that redirected to an attacker-controlled page that could be used to take control of a user's system.

Adobe said in its alert: "A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below."

Paul Ducklin wrote on the Sophos blog: "This script tries to guess which vulnerabilities are most likely to work on your computer, based on browser version, available plugins, and other settings, and then lets rip one-by-one with specific exploits," until nothing happens, the browser crashes or one of the exploits succeeds and your computer has been taken over.

The zero-day exploit has been patched, but Adobe doesn't anticipate completely fixing the vulnerability until later this week.

Peter Pi, threat analyst at Trend Micro, said: "We've seen around 3,294 hits related to the exploit and, with an attack already seen in the wild, it's likely there are other attacks leveraging this zero-day, posing a great risk of compromise to unprotected systems."

Meanwhile, Adobe commented in a statement: "We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below."

Last week, YouTube announced it has started to implement HTML5 by default in browsers to play videos rather than Flash because it said Flash couldn't support Adaptive Bitrate (ABR), which cuts down on buffering without compromising video quality.

Featured Resources

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Free download

The IT expert’s guide to AI and content management

How artificial intelligence and machine learning could be critical to your business

Free download

The path to CX excellence

Four stages to thrive in the experience economy

Free download

Becoming an experience-based business

Your blueprint for a strong digital foundation

Free download

Recommended

Adobe rolls out new PayPal payment options through Adobe Commerce
e commerce

Adobe rolls out new PayPal payment options through Adobe Commerce

16 Sep 2021
The benefits and drawbacks of flash storage in 2021
flash storage

The benefits and drawbacks of flash storage in 2021

14 Sep 2021
Signs it’s time to upgrade your CMS
Whitepaper

Signs it’s time to upgrade your CMS

23 Aug 2021
Engaging the new digital workforce blueprint
Whitepaper

Engaging the new digital workforce blueprint

23 Aug 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Citrix mulling potential sale after tumultuous 2021
mergers and acquisitions

Citrix mulling potential sale after tumultuous 2021

15 Sep 2021
Zoom: From pandemic upstart to hybrid work giant
video conferencing

Zoom: From pandemic upstart to hybrid work giant

14 Sep 2021