Adobe patched a trio of vulnerabilities in Flash Player, two of which the company says hackers were already exploiting in attacks targeting Mozilla Firefox.
The emergency update to Flash Player comes as the third emergency fix for the browser plug-in this month, and patches holes that could not only cause a crash, but could potentially allow attackers to take over an affected system.
In the accompanying security bulletin, Adobe confirmed it was patching three vulnerabilities in the popular Flash media player plug-in. According to the company, attackers were already exploiting two of those vulnerabilities.
"Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash content," states the advisory, listing the vulnerabilities by Common Vulnerabilities & Exposures (CVE) identifiers. "The exploit for CVE-2013-0643 and CVE-2013-0648 is designed to target the Firefox browser," adds the company.
Consequently, the two vulnerabilities Adobe singled out are in fact "zero-day" vulnerabilities, meaning that criminals were already exploiting them with attack code before updates patched the bugs.
The emergency updates, released on Tuesday, Feb. 26, come less than three weeks after a Feb. 8 fix for two flaws exploited in the wild. The company had already issued two other regularly scheduled updates for Flash since the beginning of 2013, as part of its efforts to sync its security releases with Microsoft's monthly Patch Tuesdays.
Adobe assigned a Priority 1 rating to the vulnerabilities exploited on Windows and Mac OS X and recommends that users of both operating systems install the updates as soon as possible, preferably within 72 hours. The bulletin also assigned a Priority 3 rating to a Flash vulnerability facing Linux users.
The Priority 1 rating is Adobe's highest threat level, identifying "vulnerabilities being targeted or which have a higher risk of being targeted, by exploit(s) in the wild."
Users can download the patched versions of Flash Player for Windows, Mac and Linux from Adobe's website. Windows and Mac users can also wait for Flash's automatic updating tool to grab the update, while users of Google Chrome and Microsoft's Internet Explorer (IE) 10 on Windows 8 will receive the newest Flash via the browsers' own update mechanisms.