Qualys Blog

www.qualys.com
wkandek

New Adobe Flash Addresses Attacks on Firefox

Adobe released a new version of their Flash player fixing three vulnerabilities. The new version should be installed as soon as possible, as Adobe is aware on attacks occurring in the wild against two of the vulnerabilities. Interestingly Adobe found these attack to be directed against Firefox and bypassing the Firefox Sandbox:

"Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash (SWF) content. The exploit for CVE-2013-0643 and CVE-2013-0648 is designed to target Flash Player in Firefox."
We recommend updating your installation of Flash as soon as possible even if you are not using  Mozilla’s Firefox browser.
Microsoft has updated KB2755801 for Internet Explorer 10 (IE10) which indicates that IE10 users are getting a new version of the browser as well. On Tuesday Microsoft had made IE10 available to all Windows 7 users as an optional download, bringing enhanced speed and security to Windows 7.
Adobe states that Google Chrome users will also see automatic updates to their browser:
"Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.6.602.171 for Windows, Macintosh and Linux."
but I have not seen the update come out yet. Stay tuned – we will update the post as soon as we hear news on Chrome.

Leave a Reply