New vulnerabilities in Flash Player exploited in-the-wild

    Adobe has released the latest update APSB15-03 for its Flash Player, which fixes a critical 0day vulnerability in it. The vulnerability with the identifier CVE-2015-0311 was used by attackers to conduct drive-by download attacks, i.e., a maliciously crafted malware installation. To do this, we used the Angler Exploit Kit, which contained an exploit for this vulnerability in its arsenal. ESET antivirus products detect various modifications to this exploit as SWF / Exploit.CVE-2015-0311.A .

    Last week, the company re-released the APSA15-01 update , and also, a few days ago, released the new APSA15-02 update . All of these updates close the exploited vulnerabilities.

    We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.

    Vulnerabilities are very serious because they allow attackers to remotely execute code through an vulnerable version of Flash Player in the latest version of Windows 8.1 with Internet Explorer 11.

    We recommend regularly updating your Flash Player. Browsers such as Internet Explorer 10 & 11 on Windows 8 / 8.1 and Google Chrome update their versions of Flash Player automatically. For IE, see the updated Security Advisory 2755801 . Check your version of Flash Player for relevance here , the table below shows these versions for various browsers.

    be secure.

    Also popular now: