At some point, the exploit code will leak or a post-compromise analysis will reveal the vulnerability and/or the exploit involved and then the gates open for more compromise activity by others with a variety of motives. Attackers will often use newer vulnerabilities and 0days on special targets of high value first.
Adobe recommends administrators install the update as soon as possible.įlash Player update closes critical object confusion holeĪdobe Flash update addresses critical security hole.Īnalysis: This vulnerability has been used in active attacks although they are apparently not widespread attacks.
* Priority 1: This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Users of Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.9. Users of Adobe Flash Player 11.1.115.7 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.8. Adobe recommends users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.235. The exploit targets Flash Player on Internet Explorer for Windows* only. There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system.
Flash Player v11.2.202.235 released - 0-day Fix