“Adobe is scurrying to patch the third Flash zero-day of the year, with criminal hackers already using a previously unknown and unpatched vulnerability to launch attacks against thousands of web denizens, security researchers warned today,” Thomas Fox-Brewster reports for Forbes. “Those attacks hit visitors to popular video sharing site Dailymotion, with other sites thought to be affected as the infections were launched via advertisements that will likely be resident on many other web pages.”
“Visitors to any affected site would have been redirected to an attacker-controlled page where an exploit kit would attempt to compromise the target system by targeting the Adobe Flash zero-day,” Fox-Brewster reports. “The vulnerability is in all supported forms of Flash, up to the latest versions for Microsoft Windows and Apple Macs.”
“Adobe said in its own advisory [that] it’s expecting a fix for this ‘critical vulnerability’ will be released this week,” Fox-Brewster reports. “But this fresh zero-day is yet another nail in the coffin for Flash, which has been covering off flaws in its software like crazy in 2015. It’s also had to cope with the ignominy of being ditched by Google, which chose to use HTML5 video for its YouTube service.”
Read more in the full article here.
MacDailyNews Take: Adobe’s shiteous Flash is the Typhoid Mary of the Web.
Adobe acknowledges critical remote vulnerability in Flash, exploits already in the wild – January 25, 2015
Shady app install ads automatically redirecting mobile users to App Store, Google Play [Updated] – January 16, 2015
Adobe issues fix for yet another Flash flaw – July 9, 2014
Adobe’s Flash Player gets yet another emergency update – February 5, 2014