Adobe patches Flash because of ongoing attacks

Share this article:

Adobe on Wednesday unexpectedly pushed an update to its popular Flash Player to address seven vulnerabilities, including one that was being publicly exploited.

The update to version 11.1.102.62 for Windows, Macintosh, Linux and Solaris includes a fix for a cross-site scripting flaw that was being used in targeted attacks against users of Internet Explorer on Windows, according to a security bulletin. The bug was being leveraged in emails that tried to lure recipients to click on a link that leads to a malicious website, on which the attackers are able to take actions on the user's behalf.

The other flaws addressed by the update, which were not zero-days, could lead to malicious code execution, the bulletin said.

Wednesday's emergency release from Adobe likely will catch IT administrators off guard, said Andrew Storms, director of security operations at vulnerability management firm nCircle.

"In a perfect world, it would have been nice to get a little advance communication about the zero-day in Flash," he said.

For those organizations that can't update to the current version, Adobe also has made available an update for Flash 10.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Beazley: employee errors root of most data breaches, but malware incidents cost ...

Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014.

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple issues seven updates, fixes more than 40 ...

In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.

Canadian telecom co. Telus unveils first transparency report

The company received more than 100,000 government requests for customer data last year.