NEWS - February 05, 2014
by Carol~ - 2/5/14 8:33 AM
Adobe releases unscheduled Flash update to patch critical zero-day threat
Adobe has released an unscheduled update for its ubiquitous Flash media player to patch a critical vulnerability that may already be under active exploit in the wild.
The security flaw exists in Adobe Flash Player 126.96.36.199 and earlier versions for Windows and OS X and 188.8.131.525 and earlier versions for Linux, according to an advisory published Tuesday morning. The vulnerability stems from an integer underflow bug in the underlying code that could be exploited to execute arbitrary code on the affected system. Because attackers can typically trigger such vulnerabilities surreptitiously after luring victims to websites hosting attacks, Adobe rated the threat as "critical," the company's highest severity category.
"Adobe is aware of reports that an exploit for this vulnerability exists in the wild and recommends users update their product installations to the latest versions," the Adobe advisory stated. It went on to thank Alexander Polyakov and Anton Ivanov of antivirus provider Kaspersky Labs for reporting the vulnerability, which was listed as CVE-2014-0497 under the standardized common vulnerabilities and exposure disclosure system.
Continued: http://arstechnica.com/security/2014/02/adobe-releases-unscheduled-flash-update-to-patch-critical-zero-day-threat/
See Stickie: Security updates for Adobe Flash Player (APSB14-04)
Vulnerabilities / Fixes: Adobe Flash Player Integer Underflow Vulnerability
Details Emerge on Latest Adobe Flash Zero-Day Exploit
Adobe Pushes Fix for Flash Zero-Day Attack
Adobe Flash flaw exploited in the wild, update now