Looks like we can’t have two weeks without a flash 0-Day. Today, Feb 2nd, Adobe released another security advisory revealing CVE-2015-0313. Adobe says that they’re aware of this Flash exploit being actively abused (they’re probably referring to the TendMicro blogpost).

Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. – Adobe

TendMicro reports that users of “dailymotion.com” were infected by an ad loading a SWF which used the discovered zero-day. Adobe wants to release a fix for this particular zero-day later this week. I doubt CVE-2015-0313 won’t be the last Flash zero-day we’ll see this year. As soon as new information is released, I’ll update this blogpost.

You can force a Flash Player update as soon as the new version is released.

Update: Adobe Flash Player version 16.0.0.305 is going to be shipped from 4th Feb 2015.

More Info:

– Adobe Security Bulletin

– Trend Micro Blog