Hackers abuse another Adobe Flash zero-day to attack thousands of web users with redirects

“Adobe is scurrying to patch the third Flash zero-day of the year, with criminal hackers already using a previously unknown and unpatched vulnerability to launch attacks against thousands of web denizens, security researchers warned today,” Thomas Fox-Brewster reports for Forbes. “Those attacks hit visitors to popular video sharing site Dailymotion, with other sites thought to be affected as the infections were launched via advertisements that will likely be resident on many other web pages.”

“Visitors to any affected site would have been redirected to an attacker-controlled page where an exploit kit would attempt to compromise the target system by targeting the Adobe Flash zero-day,” Fox-Brewster reports. “The vulnerability is in all supported forms of Flash, up to the latest versions for Microsoft Windows and Apple Macs.”

“Adobe said in its own advisory [that] it’s expecting a fix for this ‘critical vulnerability’ will be released this week,” Fox-Brewster reports. “But this fresh zero-day is yet another nail in the coffin for Flash, which has been covering off flaws in its software like crazy in 2015. It’s also had to cope with the ignominy of being ditched by Google, which chose to use HTML5 video for its YouTube service.”

Read more in the full article here.

MacDailyNews Take: Adobe’s shiteous Flash is the Typhoid Mary of the Web.

Related articles:
Adobe acknowledges critical remote vulnerability in Flash, exploits already in the wild – January 25, 2015
Shady app install ads automatically redirecting mobile users to App Store, Google Play [Updated] – January 16, 2015
Adobe issues fix for yet another Flash flaw – July 9, 2014
Adobe’s Flash Player gets yet another emergency update – February 5, 2014

28 Comments

  1. On this website there is a very strange pop up that appears saying you’ve won something. There is no way to get rid of it except clicking okay. After that nothing happens.
    Anyone seen anything like that and can MDN comment on it please?

  2. The fact that so many companies still choose to use this peice of shit flash in a pan, is tetimony to how ignorant and out of step the business heads of old, have not a clue about technology, innovation and user experience that wins Apple its fanfare.

    Wake up you idiots, ’twas over 5 years agothat Stev Jobs called flash out for killing the jou and advantages of innovation in tech.

    1. The fact that so many companies still choose to use this peice of shit flash in a pan, is testimony to how ignorant and out of step the business heads of old, have not a clue about technology, innovation and the user experience that wins Apple its fanfare.

      Wake up you idiots, ’twas over 5 years agothat Steve Jobs called flash out for killing the joy and advantages of innovation in tech.

    2. Business heads know nothing, so they ask their techs to tell them what hardware and software to use. A tech told me “we fix things that break, so we always recommend the worst options, because they break.”

          1. The School Of The Self-Destructively Stupid.

            Great that they lay (rape) the path for their future employment, but they destroy the future of the company they work for. This are the ‘dead wood’, or as I call it ‘the ‘Bad Air’. It’s breathing time for the corporation: Out with the Bad Air, In with the Good Air.’ IOW: Layoff time!

  3. I see it too. I get one for Tesco. I think it’s part of the redirect ads we get here too.

    I think the best thing we can do is take a screenshot of the pop-up (press the home button & wake/off button at the same time) then when you hit ok take a screen shot of where you are taken to. Then email the company you are taken to & the company they are advertising with a strongly worded complaint. Include the screenshots as well.

    If we all do this maybe the firms will investigate and put a stop to it. I don’t believe the firms, in my case Tesco, would sanction this behaviour as it pisses people off and spoils the reputation of the firms.

  4. Yet web designers keep pushing out Flash. Even websites that used to support HTML 5 have reverted to Flash- Washington Post and New York Times for example.
    Apple could do a great service for humanity and squash the steaming pile that is Flash/Air for all time.

    C.mon Tim, Open the wallet.
    Developers, developers, developers…

        1. Do I wish I could personally do that? Oh yes.

          I wish HTML 5 actually covered all the Flash bases, but it does not, which is one reason The Damned Thing still survives. There are some lovely programming suites out now that make the best of HTML 5, however. Hopefully they will pack in additional JavaScript code to fill out the difference.

  5. My brief advice:
    Have a Flash blocking add-on in ALL your web browsers. ALL.

    Safari has it’s own Flash blocking system when you can reach in its Preferences here:

    1) Preferenced: Security: Manage Website Settings… (button):

    2) On the left of the pane, choose ‘Adobe Flash Player’.

    3) On the resulting right side:
    – a) REMOVE all ‘Configured Websites’ using the minus (-) button.
    – b) Set ‘When visiting other websites’ to ‘Block’ using the popup menu.

    This setting forces Safari to put up a ‘blocked’ notice. You can then click that notice to approve each individual website you visit. Just remember that at this point some very prominent, usually safe websites are being compromised with this zero-day. Be extremely careful what you unblock.

    OR: Just UNINSTALL nasty Flash. POS.

    http://mac-security.blogspot.com/2015/02/critical-flash-fail-yet-again-third.html

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.