Adobe releases critical emergency update for Flash Player
The update patches a vulnerability for which an exploit was reported in the wild, the company said
IDG News Service - Adobe released an update for Flash Player to fix a critical remote code execution vulnerability that is actively being targeted by attackers.
The vulnerability could allow an attacker to remotely take control of an affected system, Adobe said in a security advisory published Tuesday.
The vulnerability is identified as CVE-2014-0497 on the Common Vulnerabilities and Exposures list and is classified as an integer underflow. It can be exploited to execute arbitrary code on the system.
"Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users update their product installations to the latest versions."
The company released Flash Player 18.104.22.168 for Windows and Mac and 22.214.171.1246 for Linux. The Flash Player versions included in Google Chrome and Internet Explorer 10 and 11 will be automatically updated through the respective update mechanisms of those browsers.
It's not clear where and how the exploit for this vulnerability was discovered, but the phrase "in the wild" suggests it might have been used in attacks.
In its security advisory Adobe credits Alexander Polyakov and Anton Ivanov from antivirus vendor Kaspersky Lab with reporting the vulnerability. Kaspersky Lab did not immediately respond to an inquiry seeking more information about the exploit and where it was found.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Malware and Vulnerabilities White Papers | Webcasts