Adobe warning users of yet another zero-day Flash Player vulnerability, third in a monthBy Himanshu Arora 14 comments
Just last week, Adobe issued fixes for a couple of zero-day Flash Player bugs, and now the company is warning users of another zero-day vulnerability that's being exploited in the wild. The bug in question, which is being tracked as CVE-2015-0313 in the Common Vulnerabilities and Exposures database, exists in Flash Player 18.104.22.1686 and earlier versions for Windows and OS X, as well as Flash Player 22.214.171.1244 and earlier 13.x versions.
The company said that it is aware of reports that the vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below, and warned that successful exploitation of the vulnerability could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe credited security researchers from Microsoft and Trend Micro with reporting the flaw. According to Trend Micro, which has been monitoring this attack since January 14, visitors of the popular site dailymotion.com were redirected to a series of sites that eventually led to a malicious URL where the exploit was hosted.
"It is important to note that infection happens automatically, since advertisements are designed to load once a user visits a site," the Internet security company said, adding that the infection was triggered from the advertising platform and not the website content itself. The company is recommending users to disable Flash Player until a fixed version is released, something which is expected this week.
The news also comes less than a week after Google ditched Flash Player in favor of HTML5 as the default video player on YouTube.