Once again, criminals are using an unpatched zero-day vulnerability in Adobe Flash Player to attack thousands of users surfing the web. Here are the details.
This is the third zero-day vulnerability found in Adobe Flash Player this year. Adobe has just released a Security Bulletin describing a critical vulnerability (CVE-2015-0313) in the following Flash Player versions:
- Adobe Flash Player 126.96.36.1996 and earlier (Windows and Macintosh)
- Adobe Flash Player 188.8.131.524 and earlier 13.x versions
- Adobe Flash Player 184.108.40.2060 and earlier (Linux)
Adobe promised to release a patch this week. The vulnerability was discovered by Trend Micro security researchers. In the Trend Micro blog they documented that they found the security hole on January 14th. The vulnerability has been targeted by the Angler Exploit Kit. Visitors of the popular website dailymotion.com have been redirected to other websites. Some redirections from ad networks forced the browser to download a file from hxxp://www.retilio.com/skillt.swf. This file contains the exploit. Note that the infection happens automatically, without user interaction (because ad networks deliver their content without user interaction). Currently most infections have happened in the US, and the exploit targets Windows 8.1 users surfing with Internet Explorer and Firefox. Other browsers will probably also be targeted in the future.
The recommendation is to uninstall Flash Player (in Windows 7 and earlier) or deactivate Flash in Windows 8 and Windows 8.1. Also avoid using the Google Chrome browser, because this program also contains a Flash player. Further details may be found at the Trend Micro blog and at Forbes.