- Jan 24, 2011
- 9,378
Adobe rolled out an emergency update for its Flash Player software, urging users to install the new version without delay because it addresses a vulnerability that is already exploited in the wild.
Users running Internet Explorer for Windows 7 and below and Firefox on Windows XP should comply to the request as soon as possible as they these systems are among the known targets of the attackers.
Automatic updates are not available, for now
The vulnerability is a heap buffer overflow (tracked as CVE-2015-3113) that could lead execution of arbitrary code and take control of the affected systems. It has been reported by security researchers at FireEye and there are reports that attackers leverage it in limited, targeted attacks.
It is unclear whether the vulnerability has been leveraged against regular users or in more sophisticated attacks, but it can be used for funneling in malware via drive-by download attacks.
The update is available for Windows and OS X, where the version number is increased to 18.0.0.194, and for Linux, where the new build is 11.2.202.468.
For Internet Explorer on Windows 8 and above the new Flash Player arrives through the automatic update mechanism included in the web browser; but the release has not been pushed to clients, yet.
Read more: http://news.softpedia.com/news/adobe-fixes-flash-player-zero-day-exploited-in-the-wild-485066.shtml
Users running Internet Explorer for Windows 7 and below and Firefox on Windows XP should comply to the request as soon as possible as they these systems are among the known targets of the attackers.
Automatic updates are not available, for now
The vulnerability is a heap buffer overflow (tracked as CVE-2015-3113) that could lead execution of arbitrary code and take control of the affected systems. It has been reported by security researchers at FireEye and there are reports that attackers leverage it in limited, targeted attacks.
It is unclear whether the vulnerability has been leveraged against regular users or in more sophisticated attacks, but it can be used for funneling in malware via drive-by download attacks.
The update is available for Windows and OS X, where the version number is increased to 18.0.0.194, and for Linux, where the new build is 11.2.202.468.
For Internet Explorer on Windows 8 and above the new Flash Player arrives through the automatic update mechanism included in the web browser; but the release has not been pushed to clients, yet.
Read more: http://news.softpedia.com/news/adobe-fixes-flash-player-zero-day-exploited-in-the-wild-485066.shtml