Adobe rolls out emergency updates to Flash Player
Adobe (NASDAQ: ADBE) on Thursday released an out-of-band update to its Flash Player to resolve a couple of zero-day vulnerabilities that are actively being exploited by hackers. This move marks the first time that the Adobe has released an out-of-band update since the company moved to a schedule mirroring Microsoft's Patch Tuesday last year.
The first one, CVE-2013-0633, is being exploited via a Microsoft (NASDAQ: MSFT) Word document that has malicious Flash content embedded. Specifically, it targets the ActiveX version of Flash Player on the Windows operating system, said Adobe in its security bulletin published on Thursday.
The second one, CVE-2013-0634, is known to affect not just Windows PCs, but Macs as well. According to Adobe, this vulnerability is being "exploited in the wild in attacks delivered via malicious Flash content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform." Google (NASDAQ: GOOG) Chrome will be automatically updated with the latest version of Flash Player.
Though the security issue has the potential to affect Linux and certain Android 4.x devices, Adobe has given them a much lower priority rating of "3" compared to "1" for Windows and Mac. A priority rating of 3 means that user can apply the patches at their discretion.
- check out this article at Computerworld