Flash Zero-Day Used in Attacks Now Patched



You may want to add updating your Flash Player on your to-do list.

Adobe released a patch for a newly discovered flaw in its Flash Player system. Tagged as CVE-2014-0515, this previously unknown flaw is considered a zero-day vulnerability.

If left unpatched, attackers can use it to remotely access your computer and then turn it into a gold mine of information or a zombie computer in a botnet.

Used in Targeted Attacks

Attackers have already exploited this vulnerability to target Flash Player users running Windows in a business environment. They used a Trojan that requires a specific web conferencing app.

Further Trend Micro analysis shows that this exploit attempts to insert excess data into a computer’s memory until it’s corrupted and open for control. This exploitation method has been previously used on Adobe Reader and other Internet Explorer vulnerabilities.

Impact on Flash Player Users

People who use Flash Player to run various multimedia programs, stream video and audio files, and access other Flash-based applications are exposed to this flaw.

Adobe has listed the specific affected versions on its website:

“Adobe has released security updates for Adobe Flash Player 13.0.0.182 and earlier versions for Windows, Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh and Adobe Flash Player 11.2.202.350 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.”

Adobe Security Bulletin, April 28, 2014

To know if your computer is affected, go to the Adobe Flash Player about page and look for “Version Information.”
 
HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.