Patch/Configuration Management, Vulnerability Management

Adobe releases another Flash zero-day fix


On Tuesday, Adobe released an emergency fix for a critical vulnerability in Flash Player – one of two zero-day flaws in the product which had been actively exploited in the past week.

In a security bulletin, the company said that the patch addressed two critical bugs: CVE-2015-0311, the use-after-free vulnerability being exploited in drive-by-download attacks, and CVE-2015-0312, a “double-free” vulnerability.

The updates were for Flash users on Windows, Macintosh and Linux, Adobe said, and resolved software issues that could allow code execution.

Adobe noted that zero-day attacks exploiting CVE-2015-0311 had been observed against Flash users running Internet Explorer and Firefox on Windows 8.1 and below.

Last Thursday, the company plugged a separate Flash zero-day, CVE-2015-0310, to address a memory leak issue in the popular media player. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.