Adobe Patches Flash Zero Day

Thursday, June 25, 2015 @ 02:06 PM gHale

Adobe issued an emergency patch for its Flash Player software to address a Zero Day vulnerability attackers are exploiting.

Users running Internet Explorer for Windows 7 and below and Firefox on Windows XP should patch as soon as possible because attackers are going after those systems in targeted attacks.

The vulnerability is a heap buffer overflow (tracked as CVE-2015-3113) that could allow an attacker to execute arbitrary code and take control of affected systems. Security researchers at FireEye said there are reports attackers are using it in limited, targeted attacks.

It is unclear whether attackers are using the vulnerability against regular users or in more sophisticated attacks, but it can be used to deliver malware via drive-by download attacks.

The update is available for Windows and OS X, where the version number is, and for Linux, where the new build is

For Internet Explorer on Windows 8 and above, the new Flash Player arrives through the automatic update mechanism included in the web browser. That release, however, has not gone out yet.

As such, users of IE and Mozilla Firefox should perform the update manually for now to stay protected. The latest revision can be downloaded directly from Adobe.

The Chrome browser does not seem to be a focus of the attack, according to Adobe’s security bulletin. However, the application will also be updated with the latest Flash Player version.