Adobe today released emergency updates for its popular Flash Player to fix a flaw in the application that the company said could be used to bypass memory randomisation mitigations while running on Windows.
The company's security advisory said that it is aware of reports of an in-the-wild exploit for the CVE-2015-0310 flaw that is being used to attack older versions of Flash Player.
It gave the vulnerability a priority rating of 2 for Windows and OS X, which the company defines as not having any known exploits. Administrators are advised to install the update within thirty days or sooner.
While the updates plug the CVE-2015-0310 vulnerability, they do not address a zero-day discovered by security researcher Kafeine that affects Flash Player version 220.127.116.117 and earlier.
Adobe said it is investigating the latest exploit, which is incorporated into the Angler exploit kit, and which attempts to install the Bedep botnet on vulnerable systems. Bedep can be used to install various malware such as denial of service bots, remote access kits, keystroke loggers and more.
Kafeine meanwhile discovered that the Angler developers have updated the exploit kit, which now attacks the Mozilla Firefox browser as well as Windows 8.1.
One last bad news: Windows 8.1 Internet Explorer 11 fully updated is now owned as well. pic.twitter.com/TgIMVoXliU — Kafeine (@kafeine) January 22, 2015
New versions of Flash Player are now available for Microsoft Windows, Apple OS X and Linux, with users being advised to update to version 18.104.22.1687 on the two former operating systems, and 22.214.171.1248 on the latter.
Users of Google Chrome and Windows Internet Explorer are advised to update their web browsers to the latest releases.