05-01-2014 06:11 AM
Not to be outdone by Microsoft, Adobe announces zero-day exploit patch for Flash
by Paul Ducklin
Hot on the heels of Microsoft's Internet Explorer (IE) zero-day announcement comes an Adobe bulletin about a zero-day in Flash.
Readers who saw our recent story about Microsoft's zero-day will know that although that bug is entirely in Microsoft's code, the exploits currently seen "in the wild" rely on a Flash file to get things going.
In the IE attacks, Flash is used by the attackers to get their ducks in a row in memory, so to speak, thus creating the circumstances needed make their exploit on IE succeed. Adobe's newly-announced Flash exploit is unrelated: APSB14-13 is a bug in Flash itself that apparently allows remote code execution. That means that you could be infected just by viewing a Flash file in your browser.
Webroot® SecureAnywhere™ Internet Security Complete Beta v188.8.131.52 & VoodooShield Beta v2.23m