Two zero-day vulnerabilities were recently found in Adobe Flash Player, and Adobe issued an emergency update today to fix them. Adobe said in its advisory that one of the vulnerabilities, CVE-2013-0634, is being exploited in the wild.
The vulnerability currently being exploited is delivered via malicious Flash content hosted on sites that target Flash Player in Firefox or Safari on the Mac OS platform. There are also attacks against Windows users that trick them into opening a Microsoft Word document delivered as an email attachment. No surprise?
The second flaw, CVE-2013-0633, is also being exploited in the wild in targeted attacks, which likewise use malicious Microsoft Word documents sent as email attachments.
Updates are available for the following platforms:
- Windows, 11.5.502.149, download
- Macintosh, 11.5.502.149, download
- Linux, 126.96.36.1992, download
- Android 4.x, 188.8.131.52, download
- Android 2.x-3.x, 184.108.40.206, download
- Google Chrome, 220.127.116.11, automatic update
- Internet Explorer 10, Windows 8, 11.3.379.14, automatic update
To see version information about Flash Player or what browser/OS you’re running, check out the following.
Remember, when updating, UNCHECK McAfee | Security Scan Plus, unless you really want to scan your computer. It is pre-checked, so you have to uncheck it.
Oracle did what all of us were hoping they would do: release an out-of-band patch for the latest Java zero-day vulnerability. The new versions of Java, 1.7.0_07 and 1.6.0_35, both fix the vulnerabilities mentioned in CVE-2012-4681.
If you need Java, we recommend that you install this update immediately. If you have no need for Java, we recommend that you uninstall it altogether if you haven’t already done so. More information from Oracle about the vulnerability and patch is available in their security alert.
Information obtained from Websense and other communities.