Java. Flash. Java. Flash. Java. Flash. It seems like these two take turns in making your system vulnerable to attack. Sometimes they even misbehave at the same time, like today. As mentioned earlier today, two new vulnerabilities have been discovered in Java. Now it is Flash’s turn.
Adobe just announced two Flash bugs (CVE-2013-0643 and CVE-2013-0648) “are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash (SWF) content”. These attacks “could cause a crash and potentially allow an attacker to take control of the affected system”.
As per Adobe, these attacks are aimed at Windows and Mac OS X users of Firefox… but that does not mean someone cannot modify the attacks to target a different browser.
Unlike Java which is yet to be patched, fortunately Adobe has already released an update to Flash that patches these two bugs. So you should update Adobe Flash to the latest version (which is 11.6.602.171 for both Windows and Mac OS X) immediately to stay safe. It is recommended to update Flash on Linux (to 11.2.202.273) also, even though this particular attack is not targeting Linux users. And, as usual, Chrome and Internet Explorer 10 will automatically update their built-in Flash modules to the latest versions so you don’t need to worry about it if you run Chrome and Internet Explorer and don’t have Flash installed otherwise.
Hit up the link below to manually update Flash. If you have automatic updates enabled in Flash, Flash should automatically update itself; or, if you are impatient, you can manually update.
[via ArsTechnica, Adobe]