Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

A third Flash Zero-Day is being exploited in the wild

A third critical zero-day vulnerability affects Adobe Flash Player 16.0.0.296 and earlier versions for Windows, Linux and Mac. It is the third time in a few weeks that the security of Adobe users is menaced by a zero-day in Flash that affects Windows, Linux and OS X systems. The company is already working to provide a patch […]

A third Flash Zero-Day is being exploited in the wild

A third critical zero-day vulnerability affects Adobe Flash Player 16.0.0.296 and earlier versions for Windows, Linux and Mac.

It is the third time in a few weeks that the security of Adobe users is menaced by a zero-day in Flash that affects Windows, Linux and OS X systems.

The company is already working to provide a patch as soon as possible, the company wants to fix the vulnerability that according to the experts is being exploited in drive-by download attacks.

On Monday, Adobe has released a security advisory warning users that threat actors are exploiting a new vulnerability in Flash and announced that they’re planning to release a patch for the zero-day already this week. The vulnerability affects Flash on Windows, OS X and Linux. Also in this case the exploitation of the flaw could allow an attacker to take control of the targeted system.

“A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh.  Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.  We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below,” reports the advisory published by Adobe.

At the end of January, the French security researcher Kafeine discovered an unpatched vulnerability (0day) in Flash Player was being exploited by Angler Exploit Kit. A few days later, the experts discovered a second zero-day vulnerability in Adobe Flash.

Angler exploit kit CVE-2015-0311 zero-day adobe

Adobe promptly released the security patches for both zero-day vulnerabilities. Also in this case, the zero-day in Flash reportedly is being used by the infamous Angler kit.

Pierluigi Paganini

(Security Affairs – Flash zero-dat, Angler kit)