Adobe Patches Flash Zero Day
Thursday, June 25, 2015 @ 02:06 PM gHale
Adobe issued an emergency patch for its Flash Player software because it addresses a Zero Day vulnerability attackers are exploiting.
Users running Internet Explorer for Windows 7 and below and Firefox on Windows XP should patch as soon as possible because hackers are using those systems for targeted attacks.
The vulnerability is a heap buffer overflow (tracked as CVE-2015-3113) that could lead to execution of arbitrary code and take control of the affected systems. Security researchers at FireEye said there are reports attackers are using it in limited, targeted attacks.
It is unclear whether attackers are using the vulnerability against regular users or in more sophisticated attacks, but it can end up used for funneling in malware via drive-by download attacks.
The update is available for Windows and OS X, where the version number is 22.214.171.124, and for Linux, where the new build is 126.96.36.1998.
For Internet Explorer on Windows 8 and above, the new Flash Player arrives through the automatic update mechanism included in the web browser. That release, however, has gone out yet.
As such, users of IE and Mozilla Firefox should perform the update manually at the moment in order to keep themselves protected. The latest revision can end up downloaded straight from Adobe.
Chrome browser does not seem to be a focus of the attack, according to Adobe’s security bulletin. However, the application will also end up updated with the latest Flash Player version.