
Adobe pushes patch for actively exploited Flash Player vulnerability

SearchSecurity.com Staff

Adobe Systems Inc. is pushing a security update to repair a critical zero-day Flash Player vulnerability that is being used by attackers in an email campaign targeting Internet Explorer users.



“There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message,” Adobe said in a statement. “The exploit targets Flash Player on Internet Explorer for Windows only.”

Attackers appear to be targeting users with PDF attachments containing malicious Flash Player exploit code.

Adobe recommends that Windows, Mac and Linux users running Adobe Flash Player version 11.2.202.233, Android 4.x users running version 11.1.115.7, and Android 3.x users running version 11.1.111.8, along with users of all earlier versions, update immediately. Adobe’s bulletin states Windows users should consider this a “level 1 priority.”

Adobe also advised that if Flash Player was downloaded with Google Chrome, it has received an automatic update and no action is required. Instructions for performing the updates can be found in the bulletin.

The object confusion vulnerability CVE-2012-0779 was reported by Microsoft Vulnerability Research.

The United States Computer Emergency Readiness Team (US-CERT) issued an advisory recommending additional mitigations to apply alongside the update. US-CERT said disabling JavaScript in Adobe Reader and Acrobat could defend against a variety of problems. In addition, organizations can prevent Internet Explorer from automatically opening PDF files and can disable the display of PDFs in the browser.

Adobe issued an update for Flash Player in late March, repairing critical flaws in the popular browser plug-in. The March update also introduced a silent automatic updater feature.

