Adobe releases patch for Flash zero-day

February 5, 2014 – 5:00 PM

Adobe has released a fix for a zero-day vulnerability in Flash Player, which impacts users running Windows, Mac and Linux operating systems.

On Tuesday, the company made the updates available via a security bulletin, urging Windows and Mac users to download Flash Player versions and 11.7.700.261 (for those who cannot update to version 12.0). Those running Flash on Linux systems were directed to install version of the plug-in.

In the bulletin, Adobe said that the previously unknown vulnerability, CVE-2014-0497, had been exploited in the wild. Kaspersky Labs researchers Alexander Polyakov and Anton Ivanov reported the bug to Adobe.

The issue stems from an integer underflow vulnerability, which could allow an attacker to remotely take control of an affected system and execute malicious code.

In its bulletin, Adobe also directed users running versions of Flash for Chrome and Internet Explorer 10 and 11 web browsers to update to the newly released plug-in.


You must be logged in to post a comment.