Adobe’s Latest Zero-Day Exploit Repurposed, Going Viral Via Adult Websites
At this point, I think it's safe to call the security level of Adobe's Flash player "asinine". Sometimes, it feels like full-blown OSes, such as Windows, have far fewer bugs. When was the last time you remember having to update your OS with an emergency patch? Now how about Adobe Flash? Exactly.
Well, since Adobe didn't put it in its New Year's resolutions to release more secure software, this is a reality that's not going to change too soon. Yesterday, the company issued a patch for bug CVE-2015-0311, one that leaves a user's browser vulnerable to code injection and to the now-infamous Angler EK (Exploit Kit).
To fall victim to this kind of attack, all someone needs to do is visit a website with compromised Flash files, at which point the attacker can inject code and utilize Angler EK, which has proven to be an extremely popular tool over the past year.
That's a little scary, and clear proof that Adobe's Flash plugin simply needs to die off. There's a clear reason why many media websites have already transitioned to HTML5 instead of Flash. On that front, Adobe's had a lot of time to improve the security situation of its Flash player, but it simply hasn't happened, and a ridiculous bug like CVE-2015-0311 is living proof.
To make sure you're up-to-date, you can head on over to the official Flash player download page and check - or at least hopefully, as the site is broken as of the time of writing. The version you'll want to verify you're running is 18.104.22.1686 for Windows, OS X, and Chrome OS, and 22.214.171.1240 for Linux.