A Flash vulnerability, which Adobe patched in its last security update, has been retargeted with a variant.
The flaw allows attackers to execute arbitrary code via unspecified vectors, according to CVE 2015-5560. Though Adobe issued security update 22.214.171.124 to mitigate the original bug, researchers at security firm Morphisec found a new variant, an “in-the-wild exploit residing in a Nuclear exploit kit bypasses the recent Flash mitigation for vector corruption.”
Apple’s late CEO Steve Jobs was against allowing the Flash plugin on Apple devices, Mozilla is already preventing it from executing within its Firefox browser, while Facebook’s new CSO, Alex Stamos, recently tweeted, “It is time for Adobe to announce the end-of-life date for Flash.”
Users are once again being advised to patch the popular multimedia and software platform when updates are issued and to implement detection solutions.
Update: Thursday, Oct. 18