Adobe Flash is quickly becoming a liability.
Another zero-day vulnerability (CVE-2015-0313) has been found in Adobe Flash Player, the third such problem this year. This time, Adobe itself has drawn attention to the issue, warning that the CVE-2015-0313 security flaw can be taken advantage of using the Angler Exploit kit, a favourite amongst hackers.
The Adobe website post reads:
A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.
Adobe expects to release an update for Flash Player during the week of February 2. For more information on updating Flash Player please refer to this post.
Adobe considers the risk of this issue as critical. It is advisable for anyone concerned about the vulnerability to disable Flash Player within their chosen browser, at least until Adobe releases a patch for it.
Source: GreatSoftLine
Maybe they should hold on to the updates before releasing them for just a bit longer.