[tahanteada]

Taas turvaprobleemid:
Adobe's Flash Player gets an emergency update
The vulnerability was used in attacks against users in Syria, but will likely see wider exploitation, Kaspersky Lab researchers said

IDG News Service - Adobe Systems released emergency security updates for Flash Player in order to fix a vulnerability that has been exploited in attacks against users since earlier this month.

The attacks were discovered by security researchers from Kaspersky Lab and were launched from a website set up by the Syrian Ministry of Justice to receive complaints about law violations. It's not clear who was behind the attack, but the site had been compromised in the past by hackers.

"We received a sample of the first exploit on April 14, while a sample of the second came on April 16," Vyacheslav Zakorzhevsky, manager of the vulnerability research group at Kaspersky Lab said in a blog post Monday. "The first exploit was initially recorded by KSN [the Kaspersky Security Network] on April 9, when it was detected by a general heuristic signature."

While the two exploits leveraged the same, previously unknown, vulnerability in Flash Player they targeted users in different ways. One exploit could have been used to infect any computer with Flash Player installed, but the second specifically required Adobe Flash Player 10 ActiveX and the Cisco MeetingPlace Express Add-In to be installed on the targeted systems.

The Cisco Unified MeetingPlace Express is a Web collaboration and video conferencing product developed by Cisco Systems and the Kaspersky researchers believe the exploit authors were trying to use it to spy on their targets.

Edasi lingil:
http://www.computerworld.com/s/article/9247962/Adobe_s_Flash_Player_gets_an_emergency_update
--------------------------
Adobe Security Bulletin
Security updates available for Adobe Flash Player
Release date: April 28, 2014

http://helpx.adobe.com/security/products/flash-player/apsb14-13.html