Adobe releases second critical security update for Flash Player in three weeks

Warwick Ashford

Adobe has released the second critical security update for its Flash Player plug-in in less than three weeks.

Adobe has assigned the CVE identifier CVE-2014-0502 to this vulnerability and released a security bulletin.

The latest update addresses a zero-day exploit reported by security firm FireEye that targeted visitors of at least three non-profit websites.

FireEye said the Peterson Institute for International Economics, the American Research Center in Egypt and the Smith Richardson Foundation were all compromised using remote code injection.

Traffic to these sites was redirected to a server that contained a hidden iframe running the exploit.

The security firm’s researchers said the attacks may be related to a May 2012 campaign outlined by ShadowServer, based on consistencies in tradecraft, attack infrastructure and malware configuration.

FireEye said it believes those responsible for the attacks have sufficient resources, such as zero-day exploits, and are committed to infecting those visiting foreign and public policy websites.

“The threat actors likely sought to infect users to these sites for follow-on data theft, including information related to defense and public policy matters,” FireEye said in a blog post.

In a security bulletin, Adobe said the updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.

Adobe Flash Player and AIR versions affected

The following versions of Adobe Flash Player and Adobe AIR are affected:

  • Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.336 and earlier versions for Linux
  • Adobe AIR 4.0.0.1390 and earlier versions for Android
  • Adobe AIR 3.9.0.1390 SDK and earlier versions
  • Adobe AIR 3.9.0.1390 SDK & Compiler and earlier versions

The new version of Flash Player for Windows and Mac is 12.0.0.70, while the new version for Linux is 11.2.202.341.

