Adobe Flash hit by another zero-day vulnerability

Posted on Tuesday, February 03 2015 @ 13:18 CET by Thomas De Maesschalck

Adobe announced a new zero-day exploit for Flash Player is making the rounds, the third such issue this year. Users are advised to deactive Flash Player until a patch arrives sometime this week.

One of the dangers of the new CVE-2015-0313 vulnerability is that it can be taken advantage of using the Angler Exploit kit, a popular hacking kit. The developers of Angler are rumored to be actively working on discovering fresh bugs in Flash, enabling them to incorporate exploits into Angler before the bugs are publicized.

A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. Adobe expects to release an update for Flash Player during the week of February 2.

Source: eTeknix

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments

Share this story!