Adobe Flash patch promised this week for new zero-day bug

Trend Micro discovered a new zero-day bug in Adobe Flash that is being actively exploited in the wild. Adobe promises a patch for the vulnerability this week.

Researchers have found another new zero-day bug in Flash Player. Adobe Systems Inc., which this morning confirmed the critical vulnerability, plans to issue an out-of-band patch this week.

Trend Micro Inc. uncovered a previously unknown vulnerability in the Flash Player, and revealed that the flaw is being actively exploited in the wild.

Adobe's alert bulletin noted that, like a zero-day vulnerability found in Flash last week, this new flaw, labeled CVE-2015-0313, affects all versions of Flash Player and is being exploited via drive-by-download attacks against Internet Explorer and Firefox running on Windows 8.1 and lower. Google Chrome is unaffected because of how it sandboxes Flash within the browser.

Pi said that the exploit has been observed in a hosted .swf malvertisement. When a user is directed to the target URL, the advertisement automatically loads and infects the user's system.

At the time of Trend Micro's blog post, the malicious ads appeared to be down, but the company reported that there had already been almost 3,300 hits related to the exploit.

Pi suggested disabling the Flash Player until a patch has been released. Adobe has promised a patch sometime this week.

This is the latest in what has been a devastating series of Flash flaws. Adobe's first patch update of the year, released Jan. 13, fixed nine critical flaws in the video technology. Nine days later, the company released an out-of-band patch for a critical vulnerability, followed by another emergency patch a week ago Saturday to fix yet another critical flaw.
