Adobe Patches Two Zero Days

Monday, February 11, 2013 @ 01:02 PM gHale


Adobe is now covering two Zero Day vulnerabilities as it sent out an emergency patch for its Flash Player.

Adobe said one of the vulnerabilities allows for an exploit to drop malware on Windows and Mac OS X systems. Attackers are already taking advantage of the holes.

RELATED STORIES
Trojan a Work of ‘Poetry’
Ransomware Encrypts Data
Ransomware Uses Java Zero Day
Java Zero Day Exploits Ready to Go

Adobe said in an advisory attackers are leveraging one of the vulnerabilities via malicious Flash content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment.

Adobe also warned that a separate flaw is also out there that tricks the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash content. The company said this exploit targets the ActiveX version of Flash Player on Windows (i.e. Internet Explorer users).

Updates are available for Windows, Mac, Linux and Android users.

Flash Player installed with Google Chrome should automatically update to the latest Google Chrome version, which will include Adobe Flash Player v. 11.5.31.139 for Windows, Macintosh and Linux. Likewise, Internet Explorer 10 for Windows 8 also includes an auto-update feature, which should bring Flash to version 11.3.379.14 for Windows.

Adobe’s advisory said the vulnerability used to attack Mac and Windows users was reported with the help of the Shadowserver Foundation, the federally funded technology research center MITRE Corp., and aerospace giant Lockheed Martin‘s computer incident response team.



Leave a Reply

You must be logged in to post a comment.