Adobe issued an unscheduled zero-day update for a security issue on 20 February for its Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh, and Adobe Flash Player 11.2.202.336 and earlier versions for Linux.
“These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system,” Adobe warned in its advisory.
In total, the Adobe update is fixing three identified common vulnerabilities and exposures (CVEs). Adobe noted that only one of them (CVE-2014-0502) is actively being exploited in the wild.
According the National Vulnerability Database information on CVE-2014-0502, the flaw has the highest possible score for impact and exploitability, which means it’s a real and present danger.
Security vendor FireEye claimed in a blog post that it first became aware of CVE-2014-0502 on 13 February. FireEye noted that the Peter G. Peterson Institute for International Economics as well as the American Research Centre in Egypt and the Smith Richardson Foundation were all redirecting visitors to a server hosting the CVE-2014-0502 exploit.
“All three organisations are nonprofit institutions; the Peterson Institute and Smith Richardson Foundation engage in national security and public policy issues,” FireEye stated.
Are you a security pro? Try our quiz!
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…
Elon Musk firm touts cheaper EV models, as profits slump over 50 percent in the…
Bad news for Tim Cook, as Counterpoint records 19 percent fall in iPhone sales in…
TikTok pledges to challenge 'unconstitutional' US ban in the courts, after President Joe Biden signs…