Adobe ships emergency fix for critical Flash Player exploit

All Worry-Free IT Customers have been patched. Are your systems being managed and patched pro-activily?

 

Adobe has issued an emergency patch to plug a critical hole in Flash Player that is being exploited in the wild against Internet Explorer (IE) users.
The patch is available for Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Mac, and Linux; Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x; and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x.
Adobe warned that the object confusion vulnerability fixed in the update “could cause the application to crash and potentially allow an attacker to take control of the affected system.”
Although the patch fixes the flaw for all of these platforms, the active exploits are targeting only Flash Player on IE. Therefore, this update received a No. 1 priority rating for the Windows platform; other platforms received a No. 2 priority rating.
“There are reports that the object confusion vulnerability (CVE-2012-0779) addressed in this update is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only”, Adobe warned in its security advisory.
Adobe thanked Microsoft Vulnerability Research for reporting this issue and for working with Adobe on the fix.

Subscribe to our Newsletter

Search ALL Articles

Managed V. Non-Managed

 
NON-MANAGED=REACTIVE
MANAGED=PROACTIVE
 
 

ourprivacy.org

US-CERT Latest Warnings

Latest US-CERT Released Warnings