Adobe Systems and Microsoft on Thursday issued patches with emergency measures for critical vulnerabilities in Flash and Internet Explorer.
Microsoft, which usually fixes security problems once a month on Tuesdays, distributed the off-calendar repair for Internet Explorer 9 and 10 because of the severity of the exploit. The fix is highly recommended for people who use those versions of IE since Microsoft described the previously unknown vulnerability in its security bulletin as actively being used in "limited, targeted attacks."
However, people who use those browsers must apply the fix manually with the FixIt shim tool. A permanent fix for the exploit is expected in three weeks or so.
Adobe has patched two versions of Flash Player with an emergency fix, due to a zero-day exploit being used on one of three known security holes in the software, the company said on its blog today. This is the second emergency patch the company has issued in two weeks.
First discovered by security firm FireEye, CVE-2014-0502 targets the Web sites of three nonprofit organizations.
The security firm recommends that Windows and Mac users of Flash Player version 220.127.116.11 upgrade immediately to 18.104.22.168, and that Linux users with Flash Player 22.214.171.1246 upgrade to 126.96.36.1991. Google Chrome and Internet Explorer 10 and IE 11 will update their built-in versions of Flash automatically.
The company also recommends that people who use Adobe AIR on Android update to version 188.8.131.528.