Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Trouble comes in threes: Yet ANOTHER Flash 0-day vuln patch looming

Even Firefox users are at risk (plus IE folk, but that goes without saying)

Adobe plans to patch Flash yet again after yet another zero-day vulnerability in the web video software leaves PCs prone to hijacking.

The PSA15-02 security advisory details a security hole that hackers are already exploiting to compromise vulnerable systems.

An upcoming update to squash the critical bug makes it three patches in just two weeks for Flash.

Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh, 13.0.0.264 and earlier 13.x versions, as well as Adobe Flash Player 11.2.202.440 and earlier versions for Linux will all need updating. Adobe categorises the CVE-2015-0313 vulnerability tackled by the update as critical.

The vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below, Adobe warned.

Trend Micro reports the new Flash exploit is being used in malvertisements.

Adobe expects to release the Flash Player update sometime this week (beginning 1 February). Until then, uninstall Flash or enable click-to-play in your browser. And, we reckon, keep it that way. ®

 

Similar topics

TIP US OFF

Send us news


Other stories you might like