Third Time Unlucky: Adobe Forced To Release Hat-Trick Of Unscheduled Security Patches

Adobe has scrambled to release its third unscheduled patch this month in an effort to fix a flaw impacting all versions of multimedia viewing software Flash Player.

Criminals targeting the vulnerability had been redirecting thousands of people to video sharing website Dailymotion, according to security researchers.

Zero-day vulnerabilities

It marks Adobe’s fourth security update in total within the past month. The first was released on January 13 as a part of Adobe’s regularly scheduled Patch Tuesday updates. The second and third updates were out-of-band patches to address zero-day vulnerabilities in Flash Player and were released on January 22 and 27, respectively. Adobe has not yet released a patch for the latest zero-day vulnerability reported yesterday, but plans to do so this week.

The latest patch will address a flaw known as CVE-2015-0313. Hackers have been impersonating legitimate advertisers to target the flaw with malicious adverts – a technique known as malvertising.

Internet users are tricked into clicking on an infected advert, which directs browsers to a URL where the exploit is hosted. The malware is then downloaded automatically, creating a backdoor on the victim’s computer for hackers to install other malware or steal credentials such as credit card details.

Peter Pi, threat analyst at Trend Micro, wrote in a blog post: “We’ve seen around 3,294 hits related to the exploit and, with an attack already seen in the wild, it’s likely there are other attacks leveraging this zero-day, posing a great risk of compromise to unprotected systems.

“It is important to note that infection happens automatically, since advertisements are designed to load once a user visits a site. It is likely that this was not limited to the Dailymotion website alone, since the infection was triggered from the advertising platform and not the website content itself.”

In a statement, Adobe said: “We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.”

Flash Player users are urged to update the software or related plugin.

Duncan MacRae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.
