Adobe issues second emergency patch for exploited zero-day

Adobe has issued an emergency, out of band security patch following reports of an actively exploited zero-day vulnerability in the popular Flash Player software.

The company said in its security bulletin that the CVE-2015-0311 vulnerability could allow attackers to take control over users' systems in drive-by download attacks, in which visitors to malicious websites have their computers infected without their knowledge.

Computers running the Internet Explorer and Firefox web browsers on Microsoft Windows 8.1 and earlier versions of the operating system are being actively targeted by attackers, Adobe said.

Adobe has recommended that administrators install the update as soon as possible, no later than 72 hours after the issuance of the patch.

Users should update Flash Player to version 16.0.0.296 on Windows and OS X, and 11.2.202.440 on Linux. The Chrome and Internet Explorer for Windows 8.x web browsers will be updated automatically by Google and Microsoft, with new versions of Flash Player.

Kafeine, the researcher credited with finding the zero-day vulnerability and its inclusion in the Angler exploit kit, said the flaw was being used as a standalone as well to spread ransomware.

Why bothering with an EK when you have CVE-2015-0311?Being used in standalone mode to spread Reveton on Adult Traffic pic.twitter.com/0a8JLzhOD7

— Kafeine (@kafeine) January 24, 2015

Malicious adult websites attempt to plant the Reveton trojan horse on visitors' computers, through a compromised Flash Player file that is downloaded and executed without user interaction.

Source: Kafeine

Reveton has been active for the last few years, and locks infected machines with a fake notice purporting to be from law enforcement. Attackers then demand money from users to issue an unlock code.

Analysis by security vendor Trend Micro showed that the vulnerability is a use-after-free or dangling pointer type bug.

This flaw, which Trend Micro said is similar to earlier ones in Flash Player, allows an attacker to arbitrarily read and write into system memory, and thus execute malicious code.