Trouble comes in threes: Yet ANOTHER Flash 0-day vuln patch looming
Even Firefox users are at risk (plus IE folk, but that goes without saying)
Adobe plans to patch Flash yet again after yet another zero-day vulnerability in the web video software leaves PCs prone to hijacking.
The PSA15-02 security advisory details a security hole that hackers are already exploiting to compromise vulnerable systems.
An upcoming update to squash the critical bug makes it three patches in just two weeks for Flash.
Adobe Flash Player 18.104.22.1686 and earlier versions for Windows and Macintosh, 22.214.171.1244 and earlier 13.x versions, as well as Adobe Flash Player 126.96.36.1990 and earlier versions for Linux will all need updating. Adobe categorises the CVE-2015-0313 vulnerability tackled by the update as critical.
The vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below, Adobe warned.
Trend Micro reports the new Flash exploit is being used in malvertisements.
Adobe expects to release the Flash Player update sometime this week (beginning 1 February). Until then, uninstall Flash or enable click-to-play in your browser. And, we reckon, keep it that way. ®