Adobe releases second critical security update for Flash Player in three weeks

Adobe has released the second critical security update for its Flash Player plug-in in less than three weeks

Adobe has released the second critical security update for its Flash Player plug-in in less than three weeks.

Adobe has assigned the CVE identifier CVE-2014-0502 to this vulnerability and released a security bulletin.

The latest update addresses a zero-day exploit reported by security firm FireEye that targeted visitors of at least three non-profit websites.

 FireEye said the Peterson Institute for International Economics, the American Research Center in Egypt and the Smith Richardson Foundation were all compromised using remote code injection.

Traffic to these sites was redirected to a server that contained a hidden iframe running the exploit.

The security firm’s researchers said the attacks may be related to a May 2012 campaign outlined by ShadowServer, based on consistencies in tradecraft, attack infrastructure and malware configuration.

FireEye said they believe those responsible for the attacks have sufficient resources, such as zero-day exploits, and are committed to infecting those visiting foreign and public policy websites.

“The threat actors likely sought to infect users to these sites for follow-on data theft, including information related to defense and public policy matters,” FireEye said in a blog post.

In a security bulletin, Adobe said the updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.

Adobe Flash Player and AIR versions affected

The following versions of Adobe Flash Player and Adobe AIR are affected:

  • Adobe Flash Player and earlier versions for Windows and Macintosh
  • Adobe Flash Player and earlier versions for Linux
  • Adobe AIR and earlier versions for Android
  • Adobe AIR SDK and earlier versions
  • Adobe AIR SDK & Compiler and earlier versions

The new version of Flash Player for Windows and Mac is while the newest for Linux is

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.