Adobe pushes critical Flash Player update to fix latest zero-day

Adobe pushes critical Flash Player update to fix latest zero-day

تاریخ ایجاد

ID: IRCNE2015012412
Date: 2015-01-28

According to “ComputerWorld”, Adobe Systems started pushing a critical Flash Player patch to users who have auto-update enabled over the weekend in order to fix a vulnerability that has been exploited by attackers since last week.
An exploit for the vulnerability has been integrated into the Angler Exploit Kit, a tool used by cybercriminals to launch mass drive-by-download attacks, primarily through malicious ads displayed on legitimate websites.
The vulnerability, tracked as CVE-2015-0311, affects users with Flash Player enabled in Mozilla Firefox and in all versions of Internet Explorer running on Windows 8.1 and earlier. The Flash Player plug-in bundled with Google Chrome also has the vulnerability, but the browser's security sandbox mechanism prevents its exploitation.
"Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24," Adobe said in a security advisory Saturday.
The company also said that it will make the new Flash Player version available for manual download this week. Even though the release hasn't officially been announced yet, the new version is already available on its distribution site.
The update comes after Adobe released another Flash Player version last week to address a different zero-day, or exploited but unpatched, vulnerability. That one was tracked as CVE-2015-0310.
Users can also protect themselves by enabling the click-to-play feature in browsers which prevents plug-in-based content like Flash from running automatically without the user's consent.

برچسب‌ها