Adobe updates Flash Player again, plugs 0-day exploited by Angler
Adobe made good on its promise to make available by this week a fix for the recently discovered critical zero-day Flash Player vulnerability (CVE-2015-0311) preyed on by the Angler exploit kit.
The company has first issued on Friday an out-of-band update for the software that plugs another zero-day security hole (CVE-2015-0310) exploited in the wild, and on Saturday released another one that solves CVE-2015-0311.
The newest versions – Flash Player 188.8.131.526 (Win and Mac) and Flash Player 184.108.40.2060 (Linux) – have been received on Saturday by all those users who have enabled auto-update for the Flash Player desktop runtime.
The rest of the users only had to wait a day more for the download links for these versions to be made available.
According to the most recent information, the flaw is currently being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.
Adobe is working with their distribution partners to make the update automatically available in Google Chrome and Internet Explorer 10 and 11.