Adobe issues another patch for Flash vulnerabilities

Summary:In its third update this month, the Flash developer rolls out another emergency update addressing three vulnerabilities--two of which have been exploited in targeted attacks.

adobe-flash-player
Two vulnerabilities CVE-2013-0643 and CVE-2013-0648 were exploited in targeted attacks, which tricked users into clicking a link directing them to a site with malicious Flash content.

Adobe Systems has released yet another emergency security update addressing three vulnerabilities in Flash, two of which have already been exploited by hackers.

In an advisory note released Tuesday, the company said it patched holes which could the system to a crash and potentially allow hackers to take control of the affected system.

Identifying the vulnerabilities by their Common Vulnerabilities & Exposures (CVE), Adobe said CVE-2013-0643 and CVE-2013-0648 had been exploited in targeted attacks to trick users into clicking a link directing them to a Web site containing malicious Flash content. The exploit for CVE-2013-0643 and CVE-2013-0648 was also designed to target the Firefox browser .

Adobe also assigned a Priority 1 rating, its highest threat level, to the vulnerabilities exploited on Windows and Mac OS X, and advised users of both operating systems to install the update within 72 hours. This vulnerability identifies vulnerabilities being targeted or have a higher risk of being targeted.

The note also assigned Priority 3 rating to a Flash vulnerability facing Linux users, which refers to products historically not a target of attackers.

This update is Adobe's third this month, with its second update less than three weeks ago. Two zero-day threats had been issued on February 8 , addressing vulnerabilities affecting all versions of Flash or Windows, Mac, Linux, and Android. FireEye researchers on February 13 also warned users not to open PDFs from unknown sources in Adobe Reader,  after they found a PDF zero-day being exploited in the wild . Adobe confirmed it was looking into this exploit.

Topics: Security, Software

About

Elly grew up on the adrenaline of crime fiction and it spurred her interest in cybercrime, privacy and the terror on the dark side of IT. At ZDNet Asia, she has made it her mission to warn readers of upcoming security threats, while also covering other tech issues.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.