Adobe issues another patch for Flash vulnerabilities

Summary: In its third update this month, the Flash developer rolls out another emergency update addressing three vulnerabilities--two of which have been exploited in targeted attacks.

TOPICS: Security, Software
Two vulnerabilities, CVE-2013-0643 and CVE-2013-0648, were exploited in targeted attacks that tricked users into clicking a link directing them to a site with malicious Flash content.

Adobe Systems has released yet another emergency security update addressing three vulnerabilities in Flash, two of which have already been exploited by hackers.

In an advisory note released Tuesday, the company said it patched holes which could cause the system to crash and potentially allow hackers to take control of the affected system.

Identifying the vulnerabilities by their Common Vulnerabilities & Exposures (CVE) identifiers, Adobe said CVE-2013-0643 and CVE-2013-0648 had been exploited in targeted attacks to trick users into clicking a link directing them to a Web site containing malicious Flash content. The exploit for CVE-2013-0643 and CVE-2013-0648 was also designed to target the Firefox browser.

Adobe also assigned a Priority 1 rating, its highest threat level, to the vulnerabilities exploited on Windows and Mac OS X, and advised users of both operating systems to install the update within 72 hours. This rating identifies vulnerabilities that are being targeted or have a higher risk of being targeted.

The note also assigned a Priority 3 rating to a Flash vulnerability facing Linux users, a rating that refers to products that have historically not been a target of attackers.

This update is Adobe's third this month, with its second update less than three weeks ago. Fixes for two zero-day threats had been issued on February 8, addressing vulnerabilities affecting all versions of Flash for Windows, Mac, Linux, and Android. FireEye researchers on February 13 also warned users not to open PDFs from unknown sources in Adobe Reader, after they found a PDF zero-day being exploited in the wild. Adobe confirmed it was looking into this exploit.

Ellyne Phneah

About Ellyne Phneah

Elly grew up on the adrenaline of crime fiction and it spurred her interest in cybercrime, privacy and the terror on the dark side of IT. At ZDNet Asia, she has made it her mission to warn readers of upcoming security threats, while also covering other tech issues.

Talkback

6 comments
  • Really?

    "the company said it patched holes which could the system to a crash and potentially allow hackers to"
    Oknarf
  • That's Where ....

    Why rob banks? That's where the money is. Why take Adobe apart looking for flaws? Adobe Flash is "where the users is."
    MSeeseTweets
  • Did you know??

    I ran the updater and was a little annoyed that it had a "did you know?" screen touting how awesome Flash is because we're so dependent on it. That's not an asset to the users, only to Adobe. I can't wait to uninstall it forever once the web finally isn't using it any more.
    edelbrp
    • On top of that they install the Google crapbar

      Adobe was one thing Jobs got right. It was crappy of MS and Google to embed Flash into IE and Chrome. Manage addons/Shockwave Flash/Disable
      Johnny Vegas
  • Roll on HTML5

    At least patching and security will be in the hands of the browser maker.
    Alan Smithie