Thursday, February 7, 2013

Adobe Releases Security Update for Flash Player

A security update for Adobe Flash Player has been released by Adobe.  The update is for Windows, Mac, Linux and Android, and it addresses vulnerabilities that could cause Flash Player to crash, and to potentially allow an attacker to take control of a system that has been breached by the vulnerability.

Adobe's Security Bulletin states:
"Adobe is aware of reports that CVE-2013-0633 is being exploited in the wild in targeted attacks designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content. The exploit for CVE-2013-0633 targets the ActiveX version of Flash Player on Windows.
 "Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content."
Adobe has categorized the update to Windows and Macintosh systems as Priority 1 Rating, which means:


Additionally, the updates address Critical vulnerabilities, which Adobe defines as:


For information about how to verify which version of Flash Player is installed on your system, please visit How can I check that my Flash Player version is up to date?.

No comments:

Post a Comment