The attacks are designed to trick users into clicking links pointing to a website rigged with malicious Flash (SWF) content. Adobe warns that the two vulnerabilities exploited in these attacks, CVE-2013-0643 (a permissions issue with the Flash Player Firefox sandbox) and CVE-2013-0648 (a bug in the ExternalInterface ActionScript feature), could allow an attacker to crash and take control of the affected system.
The third vulnerability, CVE-2013-0504 (buffer overflow), isn’t listed as a vulnerability actively being used in attacks, but it “can be used to execute malicious code.”
Naturally, Adobe recommends that users update their Flash Player to the latest version, regardless of their operating system or browser of choice.
Affected Flash Player Versions
Users can check which version of Flash Player they have installed by right-clicking on content running in Flash Player and selecting 'About Adobe Flash Player' from the menu, or by visiting the About Flash Player page.
- Adobe Flash Player 11.6.602.168 and earlier versions for Windows
- Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh
- Adobe Flash Player 18.104.22.1680 and earlier versions for Linux
New Flash Player Versions
Users can visit the Flash Player Download Center to download the latest version.
After updating their system, users should be running the following version of Flash Player:
- Adobe Flash Player 11.6.602.171 (Windows & Mac)
- Adobe Flash Player 22.214.171.1243 (Linux)
[via Adobe Security Bulletin]