Flash Patch Targets Zero-Day Exploit

Adobe Flash has been a favorite target for hackers for years because there are many ways to exploit the platform whereby hackers can install malicious code on the PC including banking Trojans, key loggers and other dangerous malware. Using various drive-by download techniques, hackers are able to bypass security measures within Adobe Flash and patching these vulnerabilities has become a drawn out game of cat and mouse. Adobe patches while hackers find new vulnerabilities and the cycle continues. This is exactly what happened after Adobe released a patch last week.

In fact, it appears that hackers may have gotten the upper hand this time as Adobe has confirmed that a new exploit – based on the Angler exploit kit – was specifically designed to work around the protections built into the latest Flash update. A recent statement from Adobe confirms this vulnerability:

“Adobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player,”

Adobe said. “Additionally, we are investigating reports that a separate exploit for Flash Player and earlier also exists in the wild.” Although many of the details surrounding this exploit are still unknown, security researcher Kafeine recently reported that the Angler exploit kit is being used to target a previously undocumented vulnerability in Flash that works against multiple combinations of Microsoft Windows and Internet Explorer. Hackers using this commercially available crimeware kit are only targeting Windows Flash installations, but it’s worth noting that the same vulnerability patched in Flash’s latest update exists in both Mac and Linux Flash installations as well. The latest Flash update brings Windows and Mac installations to and Linux installations to version The fact that a new vulnerability has already been discovered on the heels of Adobe’s latest patch highlights the growing concern about the security of this outdated media player.

flash patch targets zero day exploit

As HTML5 becomes increasingly mainstream as an alternative (and much more secure) way to render online video content, the need for Flash will continue to lessen. Until Flash can be phased out completely, however, there are some ways to protect yourself from the continual security threats associated with the media platform. Most notably, enabling the click-to-run feature (available all on all modern browsers except Internet Explorer) disables Flash content (and Java applets) until the content is explicitly clicked on by the user. This protects the machine from drive-by download attacks that would otherwise run in the background of a malicious website.

If you haven’t done so already, you should also install Microsoft’s Enhanced Mitigation Experience Toolkit – a free tool designed to improve the security of third party applications.

Finally, ensure the latest versions of Windows, Flash, and your browser of choice are installed and ensure that antivirus definitions are updated frequently. According to a statement from Adobe, a new patch targeting this latest exploit should be released within the next week or two. Until that occurs, hackers will be leveraging this exploit to maximize profits so exercise caution while online to avoid this threat.

▼ Show Discussion

About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications. Contact Karolis Liucveikis.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal