For the third time in as many weeks, Adobe's Flash Player is being used by criminals to launch attacks against the public.
A malicious advertising campaign on Dailymotion.com has led to thousands of infections due to the use of a Flash Player vulnerability that's currently without a patch.
Details about this latest attack come from researchers at Trend Micro, who discovered that today's attack dates back to at least Jan. 14, 2015, with increased activity beginning Jan. 27, 2015.
As of Monday morning, there were nearly 3,300 hits to the malicious hosted page; a majority of them from the United States.
This latest zero-day vulnerability, as was the case with the previous two, impacts the latest release of Adobe's Flash Player (220.127.116.116) and earlier versions. An advisory from Adobe confirmed the attacks, noting that users on Internet Explorer and Firefox were the primary targets.
"Adobe expects to release an update for Flash Player during the week of February 2," their advisory states.
Late last month, after the disclosure from security researcher Kafeine, a second Flash Player vulnerability was added to the Angler exploit kit, but only the first flaw was fixed when Adobe released Flash Player version 18.104.22.1687 as part of their normal update cycle.
On January 25, version 22.214.171.1246 was released, which patched the second zero-day flaw.
In each of the three attacks, the Angler exploit kit has been the primary delivery vehicle, leveraging the popularity of websites such as Dailymotion.com in order to target as many people as possible.