Adobe has released an emergency security update for its widely used Flash media player to patch a vulnerability being actively exploited on the Internet. The company is advising Windows and Mac users to install it in the next 72 hours.
An advisory the software company issued on Tuesday said only that affected Flash flaws "are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash (SWF) content." It identified the bugs as CVE-2013-0643 and CVE-2013-0648 as indexed in the common vulnerabilities and exposures database. The advisory added the exploits targeted the Firefox browser. A spokeswoman said no other attack details are available.
Adobe's advisory assigns a priority rating of 1 to Flash versions that run on Microsoft Windows or Mac OS X computers. The rating is reserved for "vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild." The priority for Linux users carries a rating of 3, which is used to designate "vulnerabilities in a product that has historically not been a target for attackers."
Tuesday's release is the third time this month Adobe has released security updates for Flash. An update issued on February 7 fixed two vulnerabilities that were being actively exploited online to surreptitiously install malware, one in attacks that targeted Mac users. A second update that followed five days later was part of a previously scheduled patch release. Six days ago, Adobe also released an update for its Reader application to fix a vulnerability that was also being actively exploited online to hijack computers.
Recent versions of Flash are equipped to receive and install updates automatically, but there can sometimes be a delay before the mechanism is triggered.
Read here: http://arstechnica.com/security/201...-security-update-this-month-for-flash-player/