Adobe has issued another update for the Flash Player this week as another day zero exploit has been discovered. The new update addresses “critical” security vulnerabilities, which if exploited would have allowed malicious native-code to run without the user even being aware. The new patch was released on Tuesday and was actually supposed to fix an earlier issue.
Adobe issued a patch earlier this month to fix security holes, though it turned out the bug was still present, causing an additional patch to be issued this week.
Attackers abusing these Flash loopholes are currently only known to target government agencies as part of an on-going campaign known as Pawn Storm. Trend Micro published a blog post about the zero-day bug as well, which explains the security flaw a little better.
An Adobe spokeswoman did confirm to Ars Technica that researchers showed the company with proof of the exploit on Tuesday morning, resulting in the emergency patch update.
KitGuru Says: These problems are becoming pretty common with Flash and a lot of companies and even web browsers are dropping support for it entirely due to security issues like these.