Adobe has released an emergency patch to fix at least two zero-day vulnerabilities being used to install malware in its Flash Player software that could allow attackers to control affected systems.
Hackers had exploited security loopholes in the software on both Windows and Mac OS X operating systems. The unscheduled update is also available for Android and Linux devices, with Abode recommending that it should be installed as soon as possible to prevent potential attacks.
The Adobe security breach was revealed a month after Oracle was forced to issue a fix for Java in order to prevent hackers taking advantage of a zero-day vulnerability enabling them to remotely control infected computers.
"Adobe is aware of reports that CVE-2013-0633 is being exploited in the wild in targeted attacks designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content. The exploit for CVE-2013-0633 targets the ActiveX version of Flash Player on Windows," said the Adobe security bulletin.
"Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform," it added.
Adobe's acknowledgments at the bottom of the bulletin suggest the vulnerability in Flash was reported and countered with the aid of organisations including US government-funded cybersecurity research centre MITRE and defence contractor Lockheed Martin.
Lockheed Martin is the Pentagon's number one defence supplier and has previously issued warnings of "advanced and persistent" cyber-attacks and the threat of regular security breaches.
"The number of campaigns has increased dramatically over the last several years," said vice president and chief information security officer Chandra McMahon. "The pace has picked up," she added.
By eliminating high entry costs for big data analysis, you can convert more raw data into valuable business insight.
A discussion of the "risk perception gap", its implications and how it can be closed