Adobe Systems released a security update today that addresses a trio of vulnerabilities in Flash, two of which it said were already being exploited by hackers.
Today's surprise update -- the company's third for the browser plugin this month -- patches holes "that could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said in a security bulletin.
"Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash content," the advisory stated, identifying the vulnerabilities by their Common Vulnerabilities & Exposures. The exploit for CVE-2013-0643 and CVE-2013-0648 is designed to target the
Firefox browser."
Adobe assigned a Priority 1 rating to the vulnerabilities being exploited on Windows and
Mac OS X and advised users of both operating systems to install the update within 72 hours. That rating -- Adobe's highest threat level -- identifies "vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild." The bulletin also assigned the Flash vulnerability facing Linux users a Priority 3 rating, which refers to "a product that has historically not been a target for attackers."
Adobe recommends users update to the latest versions:
- Users of Adobe Flash Player 11.6.602.168 and earlier versions for Windows and Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh should update to Adobe Flash Player 11.6.602.171.
- Users of Adobe Flash Player 11.2.202.270 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.273.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.6.602.171 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 for
Windows 8 will automatically be updated to the latest version of Internet Explorer 10, which will include Adobe Flash Player 11.6.602.171 for Windows.
The update is Adobe's third this month and its second emergency update in less than three weeks. A fix for two zero-day threats issued on February 8 addressed vulnerabilities that affected all versions of Flash on Windows, Mac, Linux, and Android.
Adobe issues emergency patch for zero-day Flash vulnerabilities
This article
Adobe issues emergency patch for zero-day Flash vulnerabilities
can be opened in url
http://newsmaturing.blogspot.com/2013/02/adobe-issues-emergency-patch-for-zero.html
Adobe issues emergency patch for zero-day Flash vulnerabilities