Another Flash vulnerability

broken-flash

Adobe Flash may have been a great multimedia platform in the past but it has not been holding up well recently. Multiple vulnerabilities have made it a prime target for hackers. According to an official announcement on Monday, a new critical vulnerability has been discovered which is being exploited by cybercriminals using drive-by download attacks. This vulnerability affects Windows,OS X and even Linux.

A patch is expected later this week.

This was the Adobe advisory:

“A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh.  Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.  We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below”

It looks like Adobe is well aware of the issue and is working on developing a patch. In the meantime though, all users need to be cautious.

Exploited in a flash

Over the past few weeks several major security flaws have been discovered in Flash, making it one of the most exploited platforms alongside Java. Some of the specifics of these attacks can be found in this previous article. This is not helping Adobe. YouTube recently moved away from the Flash platform and is now entirely using HTML 5. Users who are having security concerns should also consider removing Flash from their computers to avoid being exploited. However if you continue to use Flash, you should have a solid security program that protects you from exploits and drive-by downloads. Luckily, Emsisoft Anti-Malware is well equipped to protect you against such zero day threats.

Have a nice (exploit-free) day!

  • Tempus

    HTML5 offer more local storage and offline caching, so the browser will most likely contain even more sensitive informations, and can thereby make the browser an even more delicious target. Nevertheless is the swift to HTML5 a positive step. But my point is that it would be naive to think that it is the solution, because what we will see over time, is just a new change in attack vector.