Adobe releases third unscheduled Flash security update

Software giant forced to act following discovery of flaw affecting video sharing site Dailymotion

Adobe Flash

Adobe has released its third Flash unscheduled security update this year, after video sharing site Dailymotion found an advert that redirected to an attacker-controlled page that could be used to take control of a user's system.

Adobe said in its alert: "A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below."

Paul Ducklin wrote on the Sophos blog: "This script tries to guess which vulnerabilities are most likely to work on your computer, based on browser version, available plugins, and other settings, and then lets rip one-by-one with specific exploits," until nothing happens, the browser crashes or one of the exploits succeeds and your computer has been taken over.

The zero-day exploit has been patched, but Adobe doesn't anticipate completely fixing the vulnerability until later this week.

Peter Pi, threat analyst at Trend Micro, said: "We've seen around 3,294 hits related to the exploit and, with an attack already seen in the wild, it's likely there are other attacks leveraging this zero-day, posing a great risk of compromise to unprotected systems."

Meanwhile, Adobe commented in a statement: "We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below."

Last week, YouTube announced it has started to implement HTML5 by default in browsers to play videos rather than Flash because it said Flash couldn't support Adaptive Bitrate (ABR), which cuts down on buffering without compromising video quality.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
IBM teams with Adobe and Red Hat to drive personalized customer experiences
Cloud

IBM teams with Adobe and Red Hat to drive personalized customer experiences

20 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do I fix the Windows 10 Start Menu if it's frozen?
operating systems

How do I fix the Windows 10 Start Menu if it's frozen?

3 Aug 2020