Patch/Configuration Management, Vulnerability Management

Adobe releases another Flash zero-day fix

On Tuesday, Adobe released an emergency fix for a critical vulnerability in Flash Player – one of two zero-day flaws in the product which had been actively exploited in the past week.

In a security bulletin, the company said that the patch addressed two critical bugs: CVE-2015-0311, the use-after-free vulnerability being exploited in drive-by-download attacks, and CVE-2015-0312, a “double-free” vulnerability.

The updates were for Flash users on Windows, Macintosh and Linux, Adobe said, and resolved software issues that could allow code execution.

Adobe noted that zero-day attacks exploiting CVE-2015-0311 had been observed against Flash users running Internet Explorer and Firefox on Windows 8.1 and below.

Last Thursday, the company plugged a separate Flash zero-day, CVE-2015-0310, to address a memory leak issue in the popular media player. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds