Guess what? Adobe Flash is being hit with in-the-wild attacks (again); update to latest version to stay safe


Java. Flash. Java. Flash. Java. Flash. It seems like these two take turns in making your system vulnerable to attack. Sometimes they even misbehave at the same time, like today. As mentioned earlier today, two new vulnerabilities have been discovered in Java. Now it is Flash’s turn.

Adobe just announced two Flash bugs (CVE-2013-0643 and CVE-2013-0648) “are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash (SWF) content”. These attacks “could cause a crash and potentially allow an attacker to take control of the affected system”.

As per Adobe, these attacks are aimed at Windows and Mac OS X users of Firefox… but that does not mean someone cannot modify the attacks to target a different browser.

Unlike Java, which is yet to be patched, Flash already has a fix: Adobe has released an update that patches these two bugs. So you should update Adobe Flash to the latest version (which is 11.6.602.171 for both Windows and Mac OS X) immediately to stay safe. It is recommended to update Flash on Linux also, even though this particular attack is not targeting Linux users. And, as usual, Chrome and Internet Explorer 10 will automatically update their built-in Flash modules to the latest versions, so you don’t need to worry about it if you run Chrome or Internet Explorer 10 and don’t have Flash installed otherwise.

Hit up the link below to manually update Flash. If you have automatic updates enabled in Flash, Flash should automatically update itself; or, if you are impatient, you can manually update.

Adobe Flash download page

[via ArsTechnica, Adobe]


  • DoktorThomas

    Adobe download server is experiencing too many hits … 7:26AM CST to be accessible.

  • etim

    So whatever happened to HTML5?
    “The Next Great Thing” seems to have fizzled…I was expecting to see a LOT more of it by now.

  • Seamus McSeamus


    Same for me. No edit option is visible, and the last time it was and I tried to use it, it didn’t function.

  • Seamus McSeamus

    I went to the Flash update page and got a message telling me that I need Java in order to download the update. Not a problem since I use NoScript, but I do find it a bit ironic.

  • AFPhy6

    – off the subject question, Ashraf: for the last week or two, the “edit post” option has not been showing up for me. Have you disabled that feature? I suspect it is something on my end that has changed, but before I go mucking around, I would like to confirm that you haven’t changed the website.

  • AFPhy6

    Well, that is a very good idea… I guess this may be the final reason for me to move away from my comfortable older FF versions to something newer since that click to play configuration setting is not available in the FF version I’m using… I’ve been meaning to for quite a while, but when I migrate, I also do backup and create a new profile. … ’bout time, I guess…

  • mukhi

    i would love to see that!!! oh well, prob is that even my bank uses JRE for log-in, grrr…

    i have been reading your comments for couple of days, nice info. my prob is that click to play may not work very well for me since i don’t have a fast broadband (well, it is supposed to be fast but throughput is very low sometimes).

    i know! even the mcafee offer bundled freaks me out.

  • Janet

    Make sure to uncheck “Install Google Chrome” when you install the Flash update if you do not want it…..

  • santuccie

    Flash and Java have become the primary targets ever since Address Space Layout Randomization was introduced in Vista SP1 (to mainstream users, anyway; I think OpenBSD had it before then). Reason being, Flash and Java are not subject to ASLR, and are therefore easier to exploit in a drive-by attack.

    I can’t (and don’t) live without my plugins. I prefer to use click to play, so only the content I intend to run is ever downloaded. This way, unless I’m visiting the places I shouldn’t be visiting, I’m safer than users with updated plugins in the event of a zero-day outbreak. It also speeds up my pageloads, by leaving out the extra junk unless I specifically click on the placeholder. For more information:

    Hope this helps!

  • Ashraf

    [@mukhi] For most people not using Java is easy. Not using Flash, however, is significantly more difficult. I’m thinking of doing a simple study trying to live without Flash for a week and see how it goes.

  • mukhi

    looks like flash/java have become prime targets of malicious people. don’t use flash/java for now?