Yet Another Zero-Day Flash Vulnerability Rears Its Ugly Head

Until the web at large adopts the open HTML5 <video> tag, there will still be some sites that continue to use Adobe's proprietary Flash Player runtime. Assuming you have the Flash Player installed, either on your Windows box or Mac machine, be advised that there's a "critical" vulnerability affecting both platforms.

"Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system," Adobe stated in a Security Advisory. "We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below."

Affected software versions include Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Mac, 13.0.0.264 and earlier 13.x versions, and 11.2.202.440 and earlier versions for Linux. You can check which version you have installed by accessing the About Flash Player page or by right-clicking on content running in Flash Player and selecting "About Adobe (or Macromedia) Flash Player." Be sure to check each browser you have on your system.

Adobe is planning to issue a fix for the zero-day vulnerability sometime this week, though no exact day was given. Trend Micro, which along with Microsoft helped discover the flaw, says users may consider disabling Flash Player altogether until a fixed version is released.

"It is important to note that infection happens automatically, since advertisements are designed to load once a user visits a site. It is likely that this was not limited to the Dailymotion website alone, since the infection was triggered from the advertising platform and not the website content itself," Trend Micro says.

Sounds like HTML5 adoption can't come fast enough.