Adobe pushes patch for actively exploited Flash Player vulnerability

Adobe is addressing a zero-day flaw in Flash Player being used by cybercriminals in email attacks targeting Internet Explorer users.

Adobe Systems Inc. is pushing a security update to repair a critical zero-day Flash Player vulnerability that is being used by attackers in an email campaign targeting Internet Explorer users.

“There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message,” Adobe said in a statement. “The exploit targets Flash Player on Internet Explorer for Windows only.”

Attackers appear to be targeting users with PDF attachments containing malicious Flash Player exploit code.

Adobe recommends that Windows, Mac and Linux users running Adobe Flash Player version 11.2.202.233, Android 4.x users running version 11.1.115.7, and Android 3.x users running version 11.1.111.8, along with users of all earlier versions, update immediately. Adobe’s bulletin states Windows users should consider this a “level 1 priority.”

Adobe also advised that if Flash Player was downloaded with Google Chrome, it has received an automatic update and no action is required. Instructions for performing the updates can be found in the bulletin.

The object confusion vulnerability CVE-2012-0779 was reported by Microsoft Vulnerability Research.

The United States Computer Emergency Readiness Team (US-CERT) issued an advisory recommending additional mitigations to apply alongside the update. US-CERT said disabling JavaScript in Adobe Reader and Acrobat could defend against a variety of problems. In addition, organizations can prevent Internet Explorer from automatically opening PDF files and can disable the display of PDFs in the browser.

Adobe issued an update for Flash Player in late March, repairing critical flaws in the popular browser plug-in. The March update also introduced a silent automatic updater feature.
