{"id":36682,"date":"2015-02-05T12:20:46","date_gmt":"2015-02-05T20:20:46","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=36682"},"modified":"2017-01-06T15:50:51","modified_gmt":"2017-01-06T23:50:51","slug":"adobe-blocks-0day-vulnerability-in-flash-player-16-0-0-296","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/adobe-blocks-0day-vulnerability-in-flash-player-16-0-0-296\/","title":{"rendered":"Adobe Blocks (Another!) 0-Day Vulnerability in Flash Player 16.0.0.296"},"content":{"rendered":"

\"adobe-patched-header\"<\/a>Adobe has blocked another critical 0-day vulnerability in Adobe Flash Player 16.0.0.296 and earlier versions for Mac and Windows with new security updates, updating Flash Player to version 16.0.0.305. These updates address a critical\u00a0vulnerability, identified as CVE-2015-0313, reportedly used in malvertisement attacks<\/a>.<\/p>\n

Affected software versions include: Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh, and Adobe Flash Player 13.0.0.264 and earlier 13.x versions.<\/p>\n

The new Adobe Flash Player comes only a week after two other\u00a00-Day vulnerabilities in Flash were discovered to have been exploited by the Angler\u00a0Exploit Kit<\/a>. Those vulnerabilities were patched with Flash Player 16.0.0.296<\/a>, which is now an outdated, vulnerable version of Adobe software.<\/p>\n

The\u00a00-day vulnerability patched in todays update is described as follows:<\/p>\n

CVE-2015-0313<\/a> :\u00a0Unspecified vulnerability in Adobe Flash Player through 13.0.0.264 and 14.x, 15.x, and 16.x through 16.0.0.296 on Windows and OS X and through 11.2.202.440 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in February 2015.<\/p><\/blockquote>\n

According to Adobe<\/a>, “Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. [\u2026] [T]his vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.”<\/p>\n

Users of Adobe Flash Player for Mac and Windows should update to Adobe Flash Player 16.0.0.305<\/a> (14.9 MB) immediately. Adobe\u00a0said the company is working with their distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11.<\/p>\n

\n
\n
\n

Intego VirusBarrier<\/a>\u00a0with up-to-date antivirus\u00a0definitions detects this 0-day vulnerability\u00a0as\u00a0Flash\/NuclearEK<\/strong>.<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Adobe has blocked another critical 0-day vulnerability in Adobe Flash Player 16.0.0.296 and earlier versions for Mac and Windows with new security updates, updating Flash Player to version 16.0.0.305. These updates address a critical\u00a0vulnerability, identified as CVE-2015-0313, reportedly used in malvertisement attacks. Affected software versions include: Adobe Flash Player 16.0.0.296 and earlier versions for Windows […]<\/p>\n","protected":false},"author":4,"featured_media":9909,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[5],"tags":[15,1957,1876,1960,1966,701],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\n\n\t\n\t\n\t\n