Latest Adobe Flash vulnerability appears in exploit kits

News
By published

Security experts ask: is it time to just cut Flash loose?

Adobe Flash hit with zero day vulnerability again

The latest zero-day vulnerability affecting Adobe's Flash Player has ended up in online exploit kits.

Many, many zero-day flaws exist for Flash Player, but the latest discovered by security firm FireEye, is already being used in Magnitude and Angler EK exploit kits, as discovered by threat researcher Kafeine of Malware Don't Need Coffee.

The bug AKA CVE-2015-3113 - has already been patched by Adobe, and the fix can be downloaded from the company's website, but users must act fast so they don't fall victim to hackers armed with the malware kits.

The latest in an increasingly long string of Flash Player security holes, the bug has already targeted Internet Explorer for Windows 7 and below, and Firefox for Windows XP, according to reports.

Adobe has designated its patch a high priority, but Linux is classified as a slightly lower risk.

However, flaws like this are becoming more and more common for Adobe Flash, and some security experts are suggesting that it would be wiser to simply ditch the software altogether.

Analyst Brian Krebs wrote in a blog post that "it might be worth considering whether you really need to keep Flash Player installed at all", stating that he barely missed it after foregoing the common plug-in for a month.

Mark James, security specialist at IT security firm ESET, called Adobe Flash "one of the most targeted apps for vulnerability". He added: "If you want to affect as many people as possible then you need an application that a lot of users use and Flash is one of them".

Security firm Bromium's Clinton Karr noted that this newest exploit "illustrates why internet content is so untrustworthy". He called it "a greenfield for hackers with no end in sight".

The consensus among the security community is that these patches should be deployed as soon as possible, but given the increasing frequency with which they are required, it seems like it may not be long before Adobe's Flash Player is a bigger risk than it is a benefit.

Adam Shepherd
Adam Shepherd

Adam Shepherd has been a technology journalist since 2015, covering everything from cloud storage and security, to smartphones and servers. Over the course of his career, he’s seen the spread of 5G, the growing ubiquity of wireless devices, and the start of the connected revolution. He’s also been to more trade shows and technology conferences than he cares to count.

Adam is an avid follower of the latest hardware innovations, and he is never happier than when tinkering with complex network configurations, or exploring a new Linux distro. He was also previously a co-host on the ITPro Podcast, where he was often found ranting about his love of strange gadgets, his disdain for Windows Mobile, and everything in between.

You can find Adam tweeting about enterprise technology (or more often bad jokes) @AdamShepherUK.

Female job candidate with short hair participating in a video call interview while using AI tools on small tablet device out of view of the recruiter.

‘If you want to look like a flesh-bound chatbot, then by all means use an AI teleprompter’: Amazon banned candidates from using AI tools during interviews – here’s why you should never use them to secure a job
Jeremy Fleming, former head of GCHQ, onstage with Haider Pasha, chief security officer, EMEA & LATAM at Palo Alto Networks at Ignite London 2025.

Businesses must get better at sharing cyber information, urges former GCHQ chief
A Dell Inspiron 14 AI PC pictured inside a Best Buy store on Black Friday in Pinole.

AI PCs are becoming a no-brainer for IT decision makers
See more latest
Most Popular
Female job candidate with short hair participating in a video call interview while using AI tools on small tablet device out of view of the recruiter.
‘If you want to look like a flesh-bound chatbot, then by all means use an AI teleprompter’: Amazon banned candidates from using AI tools during interviews – here’s why you should never use them to secure a job
Jeremy Fleming, former head of GCHQ, onstage with Haider Pasha, chief security officer, EMEA & LATAM at Palo Alto Networks at Ignite London 2025.
Businesses must get better at sharing cyber information, urges former GCHQ chief
A Dell Inspiron 14 AI PC pictured inside a Best Buy store on Black Friday in Pinole.
AI PCs are becoming a no-brainer for IT decision makers
Wifi symbol, internet connection, business, global communication, mobile network, 5g, mobile phone
94% of Wi-Fi networks are vulnerable to deauthentication attacks
UK Prime Minister Keir Starmer speaking during a Q&A session after delivering a speech on plans to reform the civil service, during a visit to Reckitt Benckiser Health Care UK.
Starmer bets big on AI to unlock public sector savings
Ransomware concept image showing digitized padlock pictured on a laptop screen on red background
February was the worst month on record for ransomware attacks – and one threat group had a field day
Programming code and big data wave on a black background.
Open source security in the spotlight as UK gov publishes fresh guidance
Cartoon-style recruitment concept image showing male job candidate sitting across desk from female hiring manage during an interview.
Tech talent shortages mean firms are scrapping traditional recruitment strategies
Agentic AI concept image showing human brain split in two halves, with one side digitized on a grid pattern and the other illuminated in yellow with brainwaves emitting.
National Grid investment wing backs AI startups to boost energy efficiency
Layoffs concept image showing line of cartoon-style laid-off workers leaving an office space with belongings in cardboard boxes.
Laid-off workers are ditching full-time work: 70% of staff caught up in brutal layoffs opted for part-time roles and freelance gigs – and flexibility was the big appeal for many