Adobe releases third critical Flash update this month

 

Gallery

By Stewart Mitchell

Posted on 27 Feb 2013 at 10:57

Adobe's Flash has been forced to issue its third emergency update this month as hackers target a zero-day vulnerability.

The vulnerabilities are already being exploited in the wild targeting the Firefox browser, but could also hit surfers using Windows, Mac or Linux machines.

According to Adobe, the updates "address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system".

"Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash content," the company said.

Security firms suggested updating as soon as possible, although noted that some browsers will take care of the update automatically.

"If you run Chrome or Internet Explorer 10 for Windows 8, then you should be automatically running the latest version of Adobe Flash," said Sophos in its Naked Security blog. "Similarly, if you have told Adobe Flash to automatically keep itself up-to-date you should be updated shortly."

Anyone else should download the latest version of the plug-in for their platform – 11.6.602.171 for Windows and Macs, and 11.2.202.273 for Linux - from the Adobe site.