Die Already! Adobe Patches Another Zero Day Security Exploit Used By Chinese Hackers

Adobe's Flash Player has more holes than Swiss cheese, only Swiss cheese doesn't leave you vulnerable to hacker attacks. Flash Player often does, and yet again, there's a zero-day exploit that could allow an attacker to take control of an affected system. The discovered vulnerability and its severity has led to Adobe releasing an out-of-band security patch.

This latest zero-day annoyance affects Flash Player 18.0.0.161 and earlier versions for Windows and Macintosh, Flash Player Extended Support Release version 13.0.0.292 and earlier 13.x versions for Windows and Macs, and Flash Player 11.2.202.466 and earlier 11.x versions for Linux.

"Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets," Adobe said.

Adobe Building

The vulnerability was discovered by security firm FishEye, which warns that a sophisticated group of Chinese hackers known as APT3 is taking advantage of the exploit via a large-scale phishing campaign. They've been targeting organizations in the aerospace and defense, construction and engineering, high tech, telecommunications, and transportation industries.

If you access Flash content on the web using Google Chrome or Microsoft Internet Explorer on Windows 8.x, you should automatically receive the security update, bumping up your version of Flash Player to 18.0.0.194. Everyone else should manually download the update.

Unsure which version of Flash Player you have installed? You can check by visiting the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player." Be sure to perform the check on each browser you run.

Via:  Adobe
Show comments blog comments powered by Disqus