Adobe fixed another dangerous vulnerability Flash Player
Adobe has released another unplanned update for Flash Player ( APSB15-04 ). This time we are talking about the 0day vulnerability CVE-2015-0313, which was used by attackers to implement drive-by download attacks (covert installation of malicious software). This is the third update of the Flash Player in the last two weeks. As we wrote earlier , Adobe has released unplanned updates of Flash Player to close other Remote Code Execution 0day vulnerabilities that are under active exploitation.
Like last time, we are talking about exploiting the Flash Player vulnerability for MS IE and Mozilla Firefox web browsers, but not Google Chrome. It should be noted that Google Chrome has a full-fledged mechanism for isolating its tab processes from exploits to performing system functions, the so-called. full sandbox ( it works always and by default ). Firefox doesn’t have such a mechanism, and for IE it is not active by default (Advanced Protected Mode) Since the Flash Player process is launched by the browser itself to play the relevant content and in the context of the tab process, the sandbox mechanism significantly complicates the process of exploiting the vulnerability or makes it completely impossible.
')
The Apple Safari web browser on OS X blocks the use of outdated out-of-date versions of Flash Player in order to protect the user from those vulnerabilities that have already been covered by Adobe.
The plugin itself can be disabled, how to do it for different browsers, see here .
We recommend regularly updating the Flash Player you use. Browsers such as Internet Explorer 10 & 11 on Windows 8 / 8.1 and Google Chrome update their Flash Player versions automatically. For IE, see the updated Security Advisory 2755801 . Check your version of Flash Player for relevance here , the table below shows these versions for various browsers.
be secure.
It is actively being exploited in the wild and can be seen below.
Like last time, we are talking about exploiting the Flash Player vulnerability for MS IE and Mozilla Firefox web browsers, but not Google Chrome. It should be noted that Google Chrome has a full-fledged mechanism for isolating its tab processes from exploits to performing system functions, the so-called. full sandbox ( it works always and by default ). Firefox doesn’t have such a mechanism, and for IE it is not active by default (Advanced Protected Mode) Since the Flash Player process is launched by the browser itself to play the relevant content and in the context of the tab process, the sandbox mechanism significantly complicates the process of exploiting the vulnerability or makes it completely impossible.
')
The Apple Safari web browser on OS X blocks the use of outdated out-of-date versions of Flash Player in order to protect the user from those vulnerabilities that have already been covered by Adobe.
The plugin itself can be disabled, how to do it for different browsers, see here .
We recommend regularly updating the Flash Player you use. Browsers such as Internet Explorer 10 & 11 on Windows 8 / 8.1 and Google Chrome update their Flash Player versions automatically. For IE, see the updated Security Advisory 2755801 . Check your version of Flash Player for relevance here , the table below shows these versions for various browsers.
be secure.
Source: https://habr.com/ru/post/249893/
All Articles