On Tuesday, Adobe released an emergency fix for a critical vulnerability in Flash Player – one of two zero-day flaws in the product which had been actively exploited in the past week.
In a security bulletin, the company said that the patch addressed two critical bugs: CVE-2015-0311, the use-after-free vulnerability being exploited in drive-by-download attacks, and CVE-2015-0312, a “double-free” vulnerability.
The updates were for Flash users on Windows, Macintosh and Linux, Adobe said, and resolved software issues that could allow code execution.
Adobe noted that zero-day attacks exploiting CVE-2015-0311 had been observed against Flash users running Internet Explorer and Firefox on Windows 8.1 and below.
Last Thursday, the company plugged a separate Flash zero-day, CVE-2015-0310, to address a memory leak issue in the popular media player.