Adobe Patches Flash Flaw That Allows Attacks in Microsoft Browser
Adobe said that it had pushed out an update for Flash that should put a stop to a series of attacks being carried out against users of Microsoft Windows.
Microsoft issued a separate advisory on a unrelated vulnerability in several versions of Internet Explorer and advising customers to use the browser’s enhanced security mode until an update is available.
The update comes on the same day that the U.S. government took the unusual step of suggesting that IE users consider switching to another browser.
That at least was one bit of official advice from US-CERT, the United States Computer Emergency Readiness Team, in response to the disclosure over the weekend of a significant zero-day vulnerability that affects IE versions 6 through 11, or more than half of the Web browsers in use around the world.
The organization, a branch of the U.S. Department of Homeland Security, said it was aware of “active exploitation” of the vulnerability, meaning attacks against unwitting users, which could “lead to the complete compromise of an affected system.” US-CERT went on in a more detailed bulletin to repeat what the security company FireEye reported over the weekend, that the attack involves enticing users to click through to specially created Web pages that exploit the vulnerability. So as always, be mindful of what links you click.
Update: I initially said the two updates were related, and given the timing I got them a little mixed up. The Flash and Internet Explorer vulnerabilities were separate. Sorry about any confusion there.