Flash plugin 0-day vulnerability in the wild
Martin Stransky
stransky at redhat.com
Mon Jan 26 12:40:29 UTC 2015
On 01/23/2015 10:51 AM, Martin Stransky wrote:
> Folk,
>
> There's a live 0-day flash vulnerability which is not fixed yet [1][2].
> If you use flash plugin I recommend you to enable the click-to-play mode
> for it.
>
> There's also a Fedora Firefox update with such change [3].
>
> ma.
>
> [1]
> https://isc.sans.edu/diary/Flash+0-Day+Exploit+Used+by+Angler+Exploit+Kit/19213
>
> [2]
> http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html
>
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=1185241
This vulnerability has got CVE-2015-0311 name [1]. Thx to drago01 to
point that out. Unfortunately it's still unfixed by Adobe and latest
flash for Linux/Firefox (11.2.202.438) is still vulnerable.
ma.
[1] http://helpx.adobe.com/security/products/flash-player/apsa15-01.html
[2] http://www.adobe.com/software/flash/about/
More information about the devel
mailing list