
Adobe issues emergency weekend fix for Flash zero-day flaw

Adobe's latest Flash zero day patch came Saturday, just two days after reports that the vulnerability was being exploited by drive-by-download attacks.

Adobe Systems Inc. released an out-of-band emergency patch Saturday to secure a Flash zero-day vulnerability that was first uncovered last week, and has already reportedly led to active exploits in the wild.

The vulnerability was publicly disclosed Wednesday by a security researcher who goes by the Twitter handle Kafeine and affected all versions of the Adobe Flash Player through Late on Thursday, Adobe released an advisory stating that it was investigating what is assumed to be the same exploit, CVE-2015-0311. Just two days later, Adobe updated its advisory with the notice that users who had enabled auto-updates for the Flash Player runtime would receive the patch as part of its version update, with a manual update promised for the week of Jan. 26th.

Adobe has also noted it is working with distribution partners to make the patch available in Google Chrome and Internet Explorer 10 and 11, although Google Chrome was not included as an at-risk browser in the initial report because of how Flash Player is sandboxed within the browser.

According to Adobe, "this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below."

A blog post at Malware don't need coffee by Kafeine confirmed that the Adobe Flash zero-day flaw is being targeted by the Angler exploit kit, and a successful remote exploit could cause a crash, allowing an attacker to potentially take control of an infiltrated system.


Join the conversation



Would you consider disabling Adobe Flash Player while waiting for a patch like this?
I strongly feel that proprietary software has no business being used as part of the internet technology. It's time to transition to HTML5 for multimedia (video).