Another vulnerability, another update. That has been Adobe's pattern of late, as it released its third security update for its Flash Player product this month.

The emergency update patches three vulnerabilities, including two critical ones (CVE-2013-0643 and CVE-2013-0648) that are being used to target Flash Player in Mozilla’s Firefox browser and could let an attacker crash and compromise affected systems.

According to a post on Adobe’s Product Security Incident Response Team (PSIRT) blog, both of the vulnerabilities are being exploited in targeted attacks. Adobe claims some attackers are tricking users into clicking a link that leads them to a website serving up malicious SWF files.

The fix affects Flash Player and earlier for Windows, Flash Player 11.6.602.167 and earlier for Macintosh and Flash Player and earlier for Linux.

The fix also resolves a permissions issue with Firefox’s Flash Player sandbox and a buffer overflow vulnerability in the Flash Player’s broker service.

Adobe last fixed Flash Player two weeks ago, when it fixed 17 vulnerabilities with a regularly scheduled update. That patch came only a few days after the company issued an out-of-band patch for two zero-day vulnerabilities that were being exploited.

One of those zero days (CVE-2013-0633) was affecting Microsoft Office documents, while the other (CVE-2013-0634), similar to the vulnerability just patched, targeted Firefox browsers, along with Mac OS X systems, via malicious .SWF files.
