Adobe has scrambled to release its third unscheduled patch this month in an effort to fix a flaw impacting all versions of multimedia viewing software Flash Player.
Criminals targeting the vulnerability had been redirecting thousands of people to video sharing website Dailymotion, according to security researchers.
It marks Adobe’s fourth security update in total within the past month. The first was released on January 13 as a part of Adobe’s regularly scheduled Patch Tuesday updates. The second and third updates were out-of-band patches to address zero-day vulnerabilities in Flash Player and were released on January 22 and 27, respectively. Adobe has not yet released a patch for the latest zero-day vulnerability reported yesterday, but plans to do so this week.
The latest patch will address a flaw known as known as CVE-2015-0313. Hackers have been impersonating legitimate advertisers to target the flaw with malicious adverts – a technique known as malvertising.
Peter Pi, threat analyst at Trend Micro, wrote in a blog post: “We’ve seen around 3,294 hits related to the exploit and, with an attack already seen in the wild, it’s likely there are other attacks leveraging this zero-day, posing a great risk of compromise to unprotected systems.
“It is important to note that infection happens automatically, since advertisements are designed to load once a user visits a site. It is likely that this was not limited to the Dailymotion website alone, since the infection was triggered from the advertising platform and not the website content itself,”
In a statement, Adobe said: “We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.”
Flash Player users are urged to update the software or related plugin.
How much do you know about hackers? Take our quiz!
Beijing reportedly begins blocking the use of Intel and AMD chips in government computers, and…
Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…
Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…
Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…
Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…
While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…