Adobe confirms third zero-day Flash exploit

Adobe

By Dylan Bushell-Embling
Wednesday, 04 February, 2015


Adobe confirms third zero-day Flash exploit

Adobe is taking heat after Trend Micro discovered a third unpatched zero-day vulnerability in Flash in as many weeks.

In a blog post, Trend Micro Global Threat Communications Manager Christopher Budd said the vulnerability puts all users of the current version of Adobe Flash at risk.

Researchers have discovered an attack that dates back to at least 14 January which involves compromised online advertisements. Initial analysis suggests that the exploit has been executed through the use of the Angler Exploit Kit.

A known compromised site has received 3294 hits, primarily from internet users in the US. The attack involves redirecting visitors to the popular online video site dailymotion.com to a series of sites that eventually leads to the exploit itself.

Adobe has confirmed the exploit and revealed that it is working on a patch to be released this week.

This marks the third unpatched zero-day exploit discovered in Flash since the company's most recent Patch Tuesday in January.

Trend Micro recommends that Australian customers wishing to mitigate the risk disable Flash until a patch is issued. Security tools including application control and deep discovery products can also help to ward off attacks.

Image courtesy of Duncan Hull under CC

Related Articles

Strategies for navigating Java vulnerabilities

Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...

Not all cyber risk is created equal

The key to mitigating cyber exposure lies in preventing breaches before they happen.

How AI can help businesses manage their cyber risks

Artificial intelligence can be a powerful ally in the fight against cyberthreats.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd