New unpatched Zero-Day Vulnerability in Flash-Player

Again, an unpatched zero-day vulnerability in Adobe Flash Player is being used by criminals to attack thousands of users surfing the web. Here are the details.



This is the third zero-day vulnerability found in Adobe Flash Player this year. Adobe has just released a security bulletin describing a critical vulnerability (CVE-2015-0313) in the following Flash Player versions:

  • Adobe Flash Player 16.0.0.296 and earlier (Windows and Macintosh)
  • Adobe Flash Player 13.0.0.264 and earlier 13.x versions
  • Adobe Flash Player 11.2.202.440 and earlier (Linux)

Adobe promised to release a patch this week. The vulnerability was discovered by Trend Micro security researchers. In the Trend Micro blog they document that they found the security hole on January 14th. The vulnerability has been targeted by the Angler Exploit Kit. Visitors of the popular website dailymotion.com have been redirected to other web sites. Some redirections from ad networks forced the browser to download a file from hxxp://www.retilio.com/skillt.swf. This file contains the exploit. Note that the infection happens automatically, without user interaction (because ad networks deliver their content without user interaction). Currently, most infections have occurred in the US, and the exploit targets Windows 8.1 users surfing with Internet Explorer and Firefox. Other browsers will probably be targeted in the future as well.

The recommendation is to uninstall Flash Player (in Windows 7 and earlier) or to deactivate Flash in Windows 8 and Windows 8.1. Also avoid using the Google Chrome browser, because this program also contains a Flash Player. Further details may be found at the Trend Micro blog and here at Forbes.
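To decide which machines need the uninstall or deactivation step, the affected-version list above can be checked against a software inventory. The following is an added example, not part of the original post: the host names and inventory rows are constructed, the way the three list entries are mapped to branches is an assumption, and any build above a listed maximum is treated as outside the list.

```python
import re

# Highest affected build per branch, taken from the version list above.
AFFECTED_MAX = {
    "desktop": (16, 0, 0, 296),    # Windows and Macintosh
    "13.x":    (13, 0, 0, 264),    # 13.x branch
    "linux":   (11, 2, 202, 440),  # Linux
}

def parse_version(text):
    """Accept '16.0.0.296' as well as the comma form '16,0,0,296'."""
    parts = re.findall(r"\d+", text)
    if len(parts) != 4:
        raise ValueError("not a four-part Flash Player version: %r" % text)
    return tuple(int(p) for p in parts)

def is_affected(version_text, platform):
    """True if the version falls inside one of the listed affected ranges."""
    version = parse_version(version_text)
    platform = platform.lower()
    # Assumption: a 13.x install is judged against the 13.x entry, so a later
    # 13.x build is not flagged just because 13 sorts below 16.
    if version[0] == 13:
        return version <= AFFECTED_MAX["13.x"]
    if platform == "linux":
        return version <= AFFECTED_MAX["linux"]
    if platform in ("windows", "macintosh"):
        return version <= AFFECTED_MAX["desktop"]
    raise ValueError("platform not covered by the list: %r" % platform)

def triage(inventory):
    """Return the hosts whose Flash Player version is in an affected range."""
    return [host for host, platform, version in inventory
            if is_affected(version, platform)]

# Constructed sample inventory: (host, platform, installed Flash version).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "16,0,0,296"),
    ("ws-02", "windows", "16.0.0.999"),   # constructed build above the list
    ("ws-03", "windows", "13.0.0.264"),
    ("ws-04", "windows", "13.0.0.999"),   # constructed build above the list
    ("lx-01", "linux", "11.2.202.440"),
    ("mac-01", "macintosh", "15.0.0.100"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print("affected:", host)
```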

