Adobe patches Flash bug, but must fix another

Adobe is investigating reports that hackers are abusing a Flash zero-day flaw, after it released a patch for another vulnerability earlier this week.

The software vendor fixed a bug only yesterday that was known to have been putting Chrome and Internet Explorer users at risk, but must now issue another update next week to solve the second problem, which has been widely discussed by security researchers.

Adobe said: "A Security Advisory has been published regarding [the second] critical vulnerability (CVE-2015-0311) in Adobe Flash Player 16.0.0.287 and earlier versions for Windows, Macintosh and Linux."

"We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8 and below."

Security researchers revealed that the bug was being abused by the Angler exploit kit earlier this week, which dropped the Bedep malware used to defraud advert networks and distribute further viruses.

Flash is now thought to be the most exploited plugin on web browsers, according to the security vendor Malwarebytes, who claim that the video playing addon has been "plagued with critical vulnerabilities in the past few months" and even surpassed the Java plugin for poor security.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing