Adobe warning users of yet another zero-day Flash Player vulnerability, third in a month

Himanshu Arora


Just last week, Adobe issued fixes for a couple of zero-day Flash Player bugs, and now the company is warning users of another zero-day vulnerability that's being exploited in the wild. The bug in question, which is being tracked as CVE-2015-0313 in the Common Vulnerabilities and Exposures database, exists in Flash Player 16.0.0.296 and earlier versions for Windows and OS X, as well as Flash Player 13.0.0.264 and earlier 13.x versions.

The company said that it is aware of reports that the vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below, and warned that successful exploitation of the vulnerability could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe credited security researchers from Microsoft and Trend Micro with reporting the flaw. According to Trend Micro, which has been monitoring this attack since January 14, visitors to the popular site dailymotion.com were redirected to a series of sites that eventually led to a malicious URL where the exploit was hosted.

"It is important to note that infection happens automatically, since advertisements are designed to load once a user visits a site," the Internet security company said, adding that the infection was triggered from the advertising platform and not the website content itself. The company is recommending that users disable Flash Player until a fixed version is released, which is expected this week.

The news also comes less than a week after Google ditched Flash Player in favor of HTML5 as the default video player on YouTube.


 
ABP anyone??

Well I'm done with Flash, will uninstall it and hopefully HTML5 adoption is quicker.
 
And now I'm being harassed about updating Flash. Firefox tells me about it, every website I visit. But since I updated Flash not long ago for the very same reason, I am now stubborn and refuse to update every month (yeah I know it has actually been longer).
 
Ah, the joys of the new age of subscription based software. "Pay us $99.99 a year to use our software." Of course, it takes just about that long to iron out any bugs and security flaws. So what you are "really" doing is paying to be a guinea pig beta-tester.

And Microsoft wants us to ALL be on the same version one day. All little bricks in the same wall using the same version and the same colors.

It was a wonderful concept in fantasy land. In the real world...not so much.

This is why I personally don't mind being behind the bleeding edge of all things. Standing too close to the edge might actually cause bleeding.

Yes Flash player is free but it still gives me yet another opportunity to rant against subscription-based software and where we are all headed.

"WARNING: Security vulnerabilities have been identified in previous versions of Flash Player. You should update your software immediately. Notwithstanding the possibility that new security vulnerabilities may actually be introduced as a result of fixing the old ones."
 
Once again the same guy talking male-cow-fecal-waste that doesn't even apply to the topic... because "I know but it gives me the opportunity to rant". So much win everywhere.

Also, I'm still uninstalling flash player! And recommend anyone who doesn't to install and use ABP (Ad-Block-Plus), this way at least you are blocking those malware infected ads from running (Or should be doing that).
 
ABP anyone??

Well I'm done with Flash, will uninstall it and hopefully HTML5 adoption is quicker.
ABP isn't as good as it used to be. It now seems to load some of the ads before hiding them. A while ago I read an article saying they were sellouts and letting some ads through, with deals from some companies, and now I'm starting to believe it.
 
ABP anyone??

Well I'm done with Flash, will uninstall it and hopefully HTML5 adoption is quicker.
ABP isn't as good as it used to be. It now seems to load some of the ads before hiding them. A while ago I read an article saying they were sellouts and letting some ads through, with deals from some companies, and now I'm starting to believe it.

They have always had a whitelist of allowable ads!
You are even warned about it during the install and have the option to turn those ads off too.
Ignorance isn't a valid excuse to badmouth something.

Looks like there used to be a long time where no one really cared about security and now it's catching up to companies in a bad way :(
 
ABP anyone??

Well I'm done with Flash, will uninstall it and hopefully HTML5 adoption is quicker.

HTML5:
(2013) https://hacking.ventures/local-ip-discovery-with-html5-webrtc-security-and-privacy-risk/
(2015) https://threatpost.com/webrtc-found-leaking-local-ip-addresses/110803
(2015) https://code.google.com/p/chromium/issues/detail?id=333752
"This behavior is by design."

ABP: as S_brideau said & still on techspot front page:
https://www.techspot.com/news/59609...ft-all-reportedly-pay-circumvent-adblock.html

Screw all ads. The reason people block them is because they have never and will never play by the rules.. a simple image hosted on the website you're viewing... but no, so screw them.
 
I'm surprised they have the hubris to call this junk in our homes a "PC" (personal computer). To me it seems more like a corporate sponsored rectal exam for your bank account.
 
I stopped using ABP a few years ago and have been using Ad-block and Ad-muncher instead.

As far as flash goes, the quicker it dies the better.
 
And now I'm being harassed about updating Flash. Firefox tells me about it, every website I visit. But since I updated Flash not long ago for the very same reason, I am now stubborn and refuse to update every month (yeah I know it has actually been longer).
Flash Player updates automatically if you install the latest version. That's the only reason I don't mind keeping it on the systems I manage at work, since I no longer have to actively administer the software.
 
For Chrome Users This Setting Should Protect You From Drive By Flash:

chrome://settings/ > advanced > Privacy > Content Settings > Plug-ins > Click "Click to play"

So you would then have to click to play the bad flash. If you're that dumb, well then... Too bad for you.. haha
 