Critical Vulnerability in Adobe Flash Being Actively Exploited
Date: 02 February 2015
The purpose of this Alert is to bring attention to a recently published Critical Security Advisory for Adobe Flash Player.
CCIRC is aware of several popular websites which have been re-directing users to websites serving a malicious .swf file exploiting a critical vulnerability in Adobe Flash. Malicious ad re-direction or Malvertising is serving an exploit, identified as CVE-2015-0313, which affects the most recent version of Adobe Flash. When the user is redirected to the compromised site, they are automatically infected with no further input or interaction with the user. Successful exploitation could potentially allow an attacker to take control of the affected system.
Adobe Flash Player 220.127.116.116 and earlier versions for Windows and Macintosh
Adobe Flash Player 18.104.22.1684 and earlier 13.x versions
Adobe Flash Player 22.214.171.1240 and earlier versions for Linux
Adobe is expected to release an updated version of Flash later this week. Organizations should prioritize implementation of this update when available.
Security Advisory for Adobe Flash Player
Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements
TR11-001 Malware Infection Recovery Guide
Note to Readers
In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.
Please note, CCIRC PGP key has recently been updated.
For general information, please contact Public Safety Canada's Public Affairs division at:
Telephone: 613-944-4875 or 1-800-830-3118
- Date modified: