Adobe Systems released emergency security updates for Flash Player to fix a vulnerability that has been exploited in attacks against users since earlier this month.
The attacks were discovered by security researchers from Kaspersky Lab and were launched from a website set up by the Syrian Ministry of Justice to receive complaints about law violations. It’s not clear who was behind the attack, but the site had been compromised in the past by hackers.
Adobe has released a fix for a zero-day vulnerability in Flash Player, which impacts users running Windows, Mac and Linux operating systems.
The company yesterday urged Windows and Mac users to download Flash Player versions 126.96.36.199 and 11.7.700.261 (for those who cannot update to version 12.0). Those running Flash on Linux systems were directed to install version 188.8.131.526 of the plug-in.
Adobe is recommending that users update Flash Player immediately -- especially those who use Google Chrome and Internet Explorer. The company released an emergency security bulletin on Tuesday that addresses vulnerabilities in Flash, which could be exploited by hackers.
"This vulnerability could allow an attacker to remotely take control of the affected system," Adobe wrote in a blog post. "Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users apply the updates referenced in the security bulletin."
A new zero-day flaw in Windows XP and Server 2003 is being exploited in the wild to bypass the sandbox on unpatched versions of Adobe Reader, security firm FireEye has reported.
According to the firm’s analysis, the vulnerability allows a standard user running XP SP3 to elevate privileges to admin level, enabling targeted attacks that use a malicious PDF against users running Reader versions 9.5.4, 10.1.6, 11.0.02 and earlier.
Today Adobe issued updates for Flash Player on Windows, Mac and Linux. Adobe AIR and the AIR SDK and Compiler are also being updated. At the same time, the company issued a security hotfix for ColdFusion, its web application platform.
Adobe says that these updates are unrelated to the recent theft of ColdFusion source code.