Adobe releases another Flash zero-day fix | SC Media
Patch management

Adobe releases another Flash zero-day fix

January 27, 2015

On Tuesday, Adobe released an emergency fix for a critical vulnerability in Flash Player – one of two zero-day flaws in the product which had been actively exploited in the past week.

In a security bulletin, the company said that the patch addressed two critical bugs: CVE-2015-0311, the use-after-free vulnerability being exploited in drive-by-download attacks, and CVE-2015-0312, a “double-free” vulnerability.

The updates were for Flash users on Windows, Macintosh and Linux, Adobe said, and resolved software issues that could allow code execution.

Adobe noted that zero-day attacks exploiting CVE-2015-0311 had been observed against Flash users running Internet Explorer and Firefox on Windows 8.1 and below.

Last Thursday, the company plugged a separate Flash zero-day, CVE-2015-0310, to address a memory leak issue in the popular media player. 

prestitial ad