Adobe also releases critical updates for Flash Player and AIR Adobe Systems has released security patches for its Flash Player, Reader and Acrobat products, addressing a total of eight vulnerabilities, including one that is being exploited by attackers.The actively exploited flaw affects Adobe Reader and was found by researchers from antivirus vendor Kaspersky Lab. The flaw was being used in isolated attacks, they said.[McAfee spots Adobe Reader PDF-tracking flaw]“At the moment, we are not providing any details on these attacks as the investigation is still ongoing,” said Costin Raiu, director of Kaspersky’s global research and analysis team, in a blog post. “Although these attacks are very rare, just to stay on the safe side we recommend everyone to get the update from the Adobe site as soon as possible.” The vulnerability allows attackers to escape the sandbox protection of Reader and Acrobat X and XI in order to execute code with elevated privileges on the Windows platform. Adobe addressed the flaw in the newly released 11.0.08 and 10.1.11 versions of the two products.The company also released new versions of Flash Player for Windows, Mac and Linux, as well as updates for the Adobe AIR framework, its SDK (software development kit) and compiler. The Flash Player and AIR updates address seven vulnerabilities, one of which can result in remote code execution. Five of the remaining vulnerabilities can be used to bypass memory address randomization, a mechanism designed to make exploitation harder, and one can be used to bypass other security restrictions.[Adobe patches critical vulnerabilities in Flash Player, Reader, and Acrobat]The Flash Player versions bundled with Google Chrome, Internet Explorer 10 for Windows 8 and Internet Explorer 11 for Windows 8.1 will be updated automatically through those browsers. Users of Flash Player and earlier Internet Explorer versions on Windows should upgrade to version 14.0.0.176 and Firefox users should upgrade to version 14.0.0.179. Mac users should upgrade to version 14.0.0.176 and Linux users to version 11.2.202.400.Adobe AIR users on Windows and Mac should upgrade to version 14.0.0.178 while Android users should upgrade to AIR 14.0.0.179, Adobe said in a security advisory. Related content news North Korean hackers mix code from proven malware campaigns to avoid detection Threat actors are combining RustBucket loader with KandyKorn payload to effect an evasive and persistent RAT attack. By Shweta Sharma Nov 28, 2023 3 mins Malware feature How a digital design firm navigated its SOC 2 audit L+R's pursuit of SOC 2 certification was complicated by hardware inadequacies and its early adoption of AI, but a successful audit has provided security and business benefits. By Alex Levin Nov 28, 2023 11 mins Certifications Compliance news GE investigates alleged data breach into confidential projects: Report General Electric has confirmed that it has started an investigation into the data breach claims made by IntelBroker. By Shweta Sharma Nov 27, 2023 3 mins Data Breach opinion A year after ChatGPT’s debut, is GenAI a boon or the bane of the CISO’s existence? You can try to keep the flood of generative AI at bay but embracing it with proper vigilance is likely the best hope to maintain control and prevent the scourge of it becoming shadow AI. By Christopher Burgess Nov 27, 2023 6 mins Generative AI Data and Information Security Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe