Like this year’s other two Flash flaws, the latest vulnerability is exploited by malvertising attacks, which use malicious advertisements to load exploits. It’s not yet known whether cyber criminals are using the same exploit kit for all three.
According to Trend Micro, which discovered this flaw, “visitors of the popular site dailymotion.com were redirected to a series of sites that eventually led to the URL hxxp://www.retilio.com/skillt.swf, where the exploit itself was hosted. It is important to note that infection happens automatically, since advertisements are designed to load once a user visits a site. It is likely that this was not limited to the Dailymotion website alone, since the infection was triggered from the advertising platform and not the website content itself.”
Affected versions are:
- Adobe Flash Player 220.127.116.116 and earlier versions for Windows and Mac OS X
- Adobe Flash Player 18.104.22.1684 and earlier 13 x versions
Adobe has already released two Flash Player updates over the past fortnight, in response to CVE-2015-0310 and CVE-2015-0311. New updates are expected from later this week. Until then, ensure that your antivirus is up to date, and enable click-to-play to stop Flash running automatically.
Bear in mind, too, that you should only download legitimate updates from Adobe. The BBC reports that pornography shared via Facebook includes a fake Flash Player update, which installs malware.