A zero day vulnerability in Flash is being actively used by cybercriminals, according to Forbes.
The vulnerability uses the Angler exploit kit, and targets users in drive-by-download attacks via compromised websites, PC World explains. Fortunately, not everyone is affected, with Windows 8.1 users seemingly immune, along with those that use the Chrome web browser.
However to date, researchers have found that Windows XP computers running Internet Explorer 6 to 8, Windows 7 computers running Internet Explorer 8 and Windows 8 computers running Internet Explorer 10 are all susceptible to the vulnerability.
ZDNet writes that the Angler exploit kit was targeting three weaknesses in Flash - two of which Adobe has already fixed, and one that the company is currently investigating.
Zero-day exploits are, as PC World points out, rare in exploit kits, which tend to target known vulnerabilities: "Zero-day exploits are valuable to hackers, which is why they’re more commonly used in targeted attacks where the stakes are higher and the goal is usually cyberespionage. It’s unusual to see them in mass attacks like those performed with Angler and other exploit kits."
A spokeswoman from Adobe told ZDNet that the company is aware of the report, and was "investigating the matter." Once a fix is published, be sure to follow the We Live Security guide to updating your flash player plug-in, but until then, be sure to exercise caution in your browsing.
