Adobe patches critical loophole that let attackers control your PC

Adobe yesterday released a security patch for a rather critical vulnerability that could allow an attacker to take control of the complete system. The security updates have been released for Flash Player for Windows, Macintosh, Linux, and Android. Adobe states that the vulnerability is quite serious and advises users to update Flash as soon as possible.

The fixes come in the wake of reports of a vulnerability, CVE-2013-0633, being exploited. The exploit is designed to trick users into opening a Microsoft Word document that's delivered as an email attachment and contains malicious Flash (SWF) content. The exploit for the CVE-2013-0633 vulnerability targets the ActiveX version of Flash Player on Windows.

New security updates issued

Additionally, the company also knows that another vulnerability, CVE-2013-0634, is being exploited in the wild. Attacks exploiting the vulnerability are being pushed through malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on  Macintosh. There have also been exploits designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.

Adobe is urging users to update their installations to the latest versions:

• Users of Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.149.
• Users of Adobe Flash Player 11.2.202.261 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.262.
• Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.139 for Windows, Macintosh and Linux.
• Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest version of Internet Explorer 10, which will include Adobe Flash Player 11.3.379.14 for Windows.
• Users of Adobe Flash Player 11.1.115.36 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.37.
• Users of Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.32.

The affected software versions include - 

• Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh
• Adobe Flash Player 11.2.202.261 and earlier versions for Linux
• Adobe Flash Player 11.1.115.36 and earlier versions for Android 4.x
• Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and 2.x