Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Adobe Issues Emergency Patch To Address Flash Player Zero-Day

Adobe on Tuesday released an out-of-band security update to address a critical zero-day security vulnerability in Adobe Flash Player that could allow an attacker to remotely take control of an affected system. 

Adobe on Tuesday released an out-of-band security update to address a critical zero-day security vulnerability in Adobe Flash Player that could allow an attacker to remotely take control of an affected system. 

Adobe has released security updates for Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.335 and earlier versions for Linux.

Adobe said that the vulnerability (CVE-2014-0497), reported to Adobe by Alexander Polyakov and Anton Ivanov of Kaspersky Lab, has an exploit that exists in the wild. 

Flash Player Zero Day

Interestingly, Kaspersky Lab said earlier this week that it has been investigating a sophisticated malware that leverages high-end exploits, and includes a bootkit and rootkit, and also has versions for Mac OS and Linux.

Neither Adobe nor Kaspersky Lab disclosed if the vulnerability patched today by Adobe has any connection to the cyber-espionage operation that Kaspersky Lab is calling “one of the most advanced threats at the moment”. 

“Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users update their product installations to the latest versions,” the company said.

An entry into the National Vulnerability Database for CVE-2014-0497 had not yet been created at the time of publishing.

Adobe urged users should to update their software to the latest versions of Adobe Flash Player:

Advertisement. Scroll to continue reading.

• Users of Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 12.0.0.44.

• Users of Adobe Flash Player 11.2.202.335 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.336.

• Adobe Flash Player 12.0.0.41 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.44 for Windows, Macintosh and Linux.

• Adobe Flash Player 12.0.0.38 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.44 for Windows 8.0.

• Adobe Flash Player 12.0.0.38 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.44 for Windows 8.1.

If there is any connection between CVE-2014-0497 and the operation dubbed “The Mask” by Kaspersky Lab, it will not likely be disclosed until the company shares the details of its findings at the Kaspersky Security Analyst Summit 2014 (SAS), taking place next week in Punta Cana, Dominican Republic.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.