Adobe Issues Yet Another Flash Update
The update patches flaws that could allow an attacker to take control of the affected system.
Adobe recently announced the release of security updates for Adobe Flash Player that "address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system."
"Adobe's update patches a bug in the Flash sandbox (CVE-2013-0643), a bug in the ExternalInterface ActionScript feature (CVE-2013-0648), and a buffer overflow vulnerability (CVE-2013-0504)," writes InformationWeek's Mathew J. Schwartz. "The latter two bugs can be exploited by attackers to execute arbitrary code on systems. According to Adobe, the first two vulnerabilities are being actively exploited in an attack directed at Firefox users that's 'designed to trick the user into clicking a link which directs to a website serving malicious Flash (SWF) content.'"
"Adobe assigned a Priority 1 rating to the vulnerabilities being exploited on Windows and Mac OS X and advised users of both operating systems to install the update within 72 hours," writes CNET News' Steven Musil. "That rating -- Adobe's highest threat level -- identifies 'vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild.'"
"Users who have set up automatic updating for Flash need only to wait for the updates to be pushed out," writes Help Net Security's Zeljka Zorz. "The rest are advised to download patched version for Windows, Mac and Linux."
"Adobe last fixed Flash Player just two weeks ago when it fixed 17 vulnerabilities with a regularly scheduled update," notes Threatpost's Christopher Brook. "That patch only came a few days after the company issued an out-of-band patch for two zero day vulnerabilities that were being exploited in the wild."