Researchers from cybersecurity company Trend Micro have reported two more zero-day vulnerabilities in Adobe Flash, and no patches are available yet to fix the issues.
While Adobe has recently released an updated version of Flash to address the first zero-day vulnerability that was discovered by Trend Micro's Hacking Team over the previous weekend, the team has separately discovered two more such issues in the software.
Trend Micro had not seen the two newly discovered vulnerabilities as part of exploit kits the way the first vulnerability was. The researchers have only seen proof-of-concept (PoC) code, which is code that reveals the existence of the vulnerability but does not mean that an attack has been carried out.
PoC code is the first step in the process of tracing real attacks, which means that the situation for the two zero-day vulnerabilities can quickly escalate over the coming few days.
Trend Micro's researchers have issued a report to Adobe regarding the two zero-day vulnerabilities found in Flash, and the company has made updates to its security advisory with information regarding these possible exploits. Adobe has also started to address the two issues, with the company stating that it will be releasing updates within the week to fix them.
However, until a patch to fix the issues has been released, users are advised to disable Adobe Flash for the security of their computer systems. Users are also advised to disable Java as an extra precaution.
Trend Micro also warns that users should pay special attention to ad servers, which can potentially be compromised by the zero-day vulnerabilities found in Adobe Flash.
The cybersecurity company outlined in its Threat Report for the first quarter of the year that malvertising, which uses online advertising to propagate malware, is making a comeback. Malvertising leverages zero-day vulnerabilities that can be found in software such as Adobe Flash.
The vulnerabilities that can be found in both Flash and Java are particularly effective channels for malvertising, which is why these vulnerabilities are being included in exploit kits that can be used for attacking ad servers.