Trend Micro Incorporated (TYO: 4704) (TSE: 4704) researchers have discovered a new zero-day critical vulnerability (CVE-2015-0313) affecting all versions of Adobe Flash Player on Microsoft Windows and Apple Mac OSX. Researchers have identified active attacks using malicious advertisements or “malvertisements” against Microsoft Windows systems. This vulnerability has been confirmed by Adobe and the two companies are collaborating on this discovery to have a patch in place within the week. Trend Micro is advising users to consider disabling Flash Player until this patch is released.
Malvertising does not impact a single website, but rather an entire advertising network. It allows for malware to be easily spread across a large number of legitimate websites without directly compromising the sites. Based on Trend Micro’s Smart Protection Network findings, the majority of users who previously accessed the malicious server reside in the United States.
Trend Micro users currently utilizing Deep Security, Vulnerability Protection, Deep Discovery, Trend Micro Security, OfficeScan and Worry-Free Business Security are safe from potential attacks from this vulnerability.
To learn more about the Adobe Flash Player vulnerability visit Trend Micro’s TrendLabs Security Intelligence Blog or its Security Intelligence News article, which includes a complete infographic on how zero-day attacks via malvertisements work.