Adobe has scrambled to release its third unscheduled patch this month in an effort to fix a flaw impacting all versions of multimedia viewing software Flash Player.
Criminals targeting the vulnerability had been redirecting thousands of people to video sharing website Dailymotion, according to security researchers.
It marks Adobe’s fourth security update in total within the past month. The first was released on January 13 as a part of Adobe’s regularly scheduled Patch Tuesday updates. The second and third updates were out-of-band patches to address zero-day vulnerabilities in Flash Player and were released on January 22 and 27, respectively. Adobe has not yet released a patch for the latest zero-day vulnerability reported yesterday, but plans to do so this week.
The latest patch will address a flaw known as known as CVE-2015-0313. Hackers have been impersonating legitimate advertisers to target the flaw with malicious adverts – a technique known as malvertising.
Peter Pi, threat analyst at Trend Micro, wrote in a blog post: “We’ve seen around 3,294 hits related to the exploit and, with an attack already seen in the wild, it’s likely there are other attacks leveraging this zero-day, posing a great risk of compromise to unprotected systems.
“It is important to note that infection happens automatically, since advertisements are designed to load once a user visits a site. It is likely that this was not limited to the Dailymotion website alone, since the infection was triggered from the advertising platform and not the website content itself,”
In a statement, Adobe said: “We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.”
Flash Player users are urged to update the software or related plugin.
How much do you know about hackers? Take our quiz!
The forthcoming Firefox 13.5 will not include a 'do not track' option, as the opt-out…
United Nations body to protect undersea communications cables that are crucial for international trade and…
Weeks after CEO Mark Zuckerberg met with Donald Trump privately at Mar-a-Lago, comes news of…
Protecting American clean energy businesses. Biden administration plans to raise tariffs on certain Chinese products
News fee. Australia looks introduce mandatory charge on social media platforms and search engines to…
Discover the AI skills your business needs, from machine learning to ethics, and learn how…