Two Zero-Day Bugs Found in Adobe Flash Player; Fixed with Update
Recently, two zero-day vulnerabilities were found in Adobe Flash Player, in which Adobe – today, issued an emergency update to solve. Adobe said in its advisory over the issue that one of the vulnerabilities, CVE-2013-0634, is being exploited in the wild.
The currently exploited vulnerability is being delivered as an attack via malicious Flash content, which is hosted on sites that target Flash Player in Firefox or Safari on the Mac OS platform. There are also attacks found for Windows users that trick users into opening a Microsoft Word document delivered as an email attachment. No surprise?
The second flaw, CVE-2013-0633, is being exploited in the wild in targeted attacks, doing the same with malicious Microsoft Word documents being implanted in email attachments.
Updates are available for the following platforms:
- Windows, 11.5.502.149, download
- Macintosh, 11.5.502.149, download
- Linux, 184.108.40.2062, download
- Android 4.x, 220.127.116.11, download
- Android 2.x-3.x, 18.104.22.168, download
- Google Chrome, 22.214.171.124, automatic update
- Internet Explorer 10, Windows 8, 11.3.379.14, automatic update
To see version information about Flash Player or what browser/OS you’re running, check out the following.
Remember, when updating, UNCHECK McAfee | Security Scan Plus, unless you really want to scan your computer. It is pre-checked, so you have to uncheck it.
Get protection from vulnerabilities now: