Adobe fixed another dangerous vulnerability in Flash Player

    Adobe has released another unscheduled update for Flash Player ( APSB15-04 ). This time we are talking about the 0day vulnerability CVE-2015-0313, which was used by attackers to carry out drive-by download attacks (silent installation of malware). This is the third Flash Player update in two weeks. As we wrote earlier , Adobe released unscheduled updates to Flash Player to close other Remote Code Execution 0day vulnerabilities that are under active exploitation.
    Adobe is aware of reports that CVE-2015-0313 is actively being exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.

    As last time, we are talking about exploiting the Flash Player vulnerability for MS IE and Mozilla Firefox web browsers, but not Google Chrome. It should be noted that Google Chrome has a full-fledged mechanism for isolating its tab processes from exploits performing system functions, i.e. full sandbox ( it always works and by default ). Firefox does not have such a mechanism, but for IE it is not active by default (Advanced Protected Mode). Since the Flash Player process for playing the corresponding content is launched by the browser itself and in the context of the tab process, the sandbox mechanism significantly complicates the process of exploiting the vulnerability, or makes it completely impossible.

    Apple Safari web browser on OS X blocksUsing outdated out-of-date versions of Flash Player to protect the user from those vulnerabilities that were already closed by Adobe.

    You can disable the plugin itself; see here for how to do this for various browsers .

    We recommend updating your Flash Player regularly. Browsers such as Internet Explorer 10 & 11 on Windows 8 / 8.1 and Google Chrome update their versions of Flash Player automatically. For IE, see the updated Security Advisory 2755801 . Check your version of Flash Player for relevance here , the table below shows these versions for various browsers.

    be secure.

    Also popular now: