Adobe issues two Flash zero-day patches

Adobe Zero-Day | Flash Player | Chicago Computer SupportToday, a Security Bulletin (APSB13-04) has been posted to address security issues in Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.261 and earlier versions for Linux, Adobe Flash Player 11.1.115.36 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and 2.x.

Adobe is aware of reports that CVE-2013-0633 is being exploited in the wild in targeted attacks designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content. The exploit for CVE-2013-0633 targets the ActiveX version of Flash Player on Windows.

Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.

One of the holes, CVE-2013-0634 , is credited to the incident response team at defense contractor Lockheed Martin, the MITRE organization, and “W” of the ShadowServer Foundation. This combination of reporters suggests that the attacks were targeted industrial espionage.

Thom Infotech recommends both Windows and Mac users apply the updates for their product installations as soon as possible.

Contact

Thom Infotech
480 E. Roosevelt Rd. Suite 202
West Chicago, IL 60185
Phone: 630 937-1500
Fax: 630 937-1515

Open a Ticket


Need Help? The most efficient way to get the assistance you need is to submit a ticket so that we can route your request to the people who have the answers you are looking for.
Open a Ticket