X

Adobe issues emergency patch -- again

For the second time in two weeks, Adobe delivers a quick fix for a Flash flaw. Meanwhile, Microsoft patches Internet Explorer with a stopgap measure.

Seth Rosenblatt Former Senior Writer / News
Senior writer Seth Rosenblatt covered Google and security for CNET News, with occasional forays into tech and pop culture. Formerly a CNET Reviews senior editor for software, he has written about nearly every category of software and app available.
Seth Rosenblatt
Emergency security fixes have been distributed for Internet Explorer 9 and 10, and Adobe Flash. CNET

Adobe Systems and Microsoft on Thursday issued patches with emergency measures for critical vulnerabilities in Flash and Internet Explorer.

Microsoft, which usually fixes security problems once a month on Tuesdays, distributed the off-calendar repair for Internet Explorer 9 and 10 because of the severity of the exploit. The fix is highly recommended for people who use those versions of IE since Microsoft described the previously unknown vulnerability in its security bulletin as actively being used in "limited, targeted attacks."

However, people who use those browsers must apply the fix manually with the FixIt shim tool. A permanent fix for the exploit is expected in three weeks or so.

Adobe has patched two versions of Flash Player with an emergency fix, due to a zero-day exploit being used on one of three known security holes in the software, the company said on its blog today. This is the second emergency patch the company has issued in two weeks.

First discovered by security firm FireEye, CVE-2014-0502 targets the Web sites of three nonprofit organizations.

The security firm recommends that Windows and Mac users of Flash Player version 12.0.0.44 upgrade immediately to 12.0.0.70, and that Linux users with Flash Player 11.2.202.336 upgrade to 11.2.202.341. Google Chrome and Internet Explorer 10 and IE 11 will update their built-in versions of Flash automatically.

The company also recommends that people who use Adobe AIR on Android update to version 4.0.0.1628.