Adobe releases emergency patch for Windows and OS X systems

Adobe recently released an emergency update for Flash Player on all platforms

Adobe recently released an emergency update for Flash Player on all platforms after two zero-day bugs were discovered in the wild targeting Windows and Mac OS X computers. The vulnerabilities allowed hackers to hijack both Windows PCs and Macs. Adobe recommends all users to update their systems as soon as possible.

The first vulnerability, CVE-2013-0633, tricks users into downloading a Microsoft Word document sent via e-mail. As you might expect, the document contains malicious SWF (flash's file extension) content that can then infect a user's system. This exploit targets the ActiveX version of Flash Player for Windows, Adobe said.

The second exploit, CVE-2013-0634, targets Firefox and Safari users on Mac OS X by directing users to Websites containing malicious Flash content. This vulnerability is also being used against Windows users in a similar manner to the first exploit. Namely, malicious documents delivered via e-mail.

So there's nothing new here in terms of malware delivery, but you should update your Flash Player software as soon as possible if it isn't set to update automatically. Even though the newly patched weaknesses target Mac and Windows users, Adobe has also released updates for Flash Player on Linux and all versions of Android from 2.X to 4.X (basically, everyone running Flash on Android).

Checking to make sure you've got the latest updates to Flash Player these days is not easy task, as a single system can have several different versions. Windows 8 users, for example, will have Flash built-in to Internet Explorer and will receive their updates via Windows Update. But you may also have Chrome, which has its own built-in version of Chrome, while Firefox uses the generic version of Flash.

The easiest way to figure out your Flash situation is to visit the Flash about page on Adobe's Website. If you see an animation at the top of the page, that means you have Flash installed in your browser. Underneath the animation, you'll see a little box dubbed "Version Information" telling you which version of Flash you currently have. Compare that number to the chart right below the version information box to make sure you're up to date.

Most users should have Flash configured for automatic updates, but if you need to manually update Flash Player here's how to get it done on Windows and OS X.

Windows 8 users need to open Windows Update by pressing the Windows Key + C to open the Charms Bar. Next, click the search icon at the top and type "update." Next, click "Settings" right below the text entry box and then select "Check for updates" in the main window.

The easiest way for Windows 7 users to get the update is to go the Flash Player Download Center and download the update. Windows 8 users needing to manually update another browser such as Firefox can also download updates directly from Adobe. Chrome users receive updates automatically in the background.

Mac OS X users who need to manually update should open System Preferences and tap on the Flash Player icon in the "Other" section. Once the Flash Player preferences open, click on the 'Advanced' tab and then the "Check Now" button.

Windows users have more security update action to look forward to this coming Tuesday, which is Microsoft's monthly patch Tuesday. The software maker on Thursday said it will release 12 patches for 57 vulnerabilities affecting users running Windows XP, Windows 7, and Window 8 systems.

Join the CSO newsletter!

Error: Please check your email address.

Tags MacMicrosoftsecurityOS XWindowsadobesoftwareoperating systems

More about Adobe SystemsLinuxMacsMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ian Paul

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place