For the second time in two weeks, Adobe delivers a quick fix for a Flash flaw. Meanwhile, Microsoft patches Internet Explorer with a stopgap measure.

February 20, 2014 11:39 AM PST

Emergency security fixes have been distributed for Internet Explorer 9 and 10, and Adobe Flash.
(Credit: CNET)
Adobe Systems and Microsoft on Thursday issued patches with emergency measures for critical vulnerabilities in Flash and Internet Explorer.
Microsoft, which usually fixes security problems once a month on Tuesdays, distributed the off-calendar repair for Internet Explorer 9 and 10 because of the severity of the exploit.

The fix is highly recommended for people who use those versions of IE since Microsoft described the previously unknown vulnerability in its security bulletin as actively being used in “limited, targeted attacks.”

Related stories:
Microsoft finally fixes critical Internet Explorer vulnerability
Microsoft pays out $28K to IE 11 exploit hunters
ExploitShield becomes Malwarebytes Anti-Exploit
Google plans to wipe child p**n from the Web
Google push for faster zero day fixes hits a wall: Other companies

However, people who use those browsers must apply the fix manually with the FixIt shim tool.

A permanent fix for the exploit is expected in three weeks or so.
Adobe has patched two versions of Flash Player with an emergency fix, due to a zero-day exploit being used on one of three known security holes in the software, the company said on its blog today.

This is the second emergency patch the company has issued in two weeks.
First discovered by security firm FireEye, CVE-2014-0502 targets the Web sites of three nonprofit organizations.
The security firm recommends that Windows and Mac users of Flash Player version upgrade immediately to, and that Linux users with Flash Player upgrade to Google Chrome and Internet Explorer 10 and IE 11 will update their built-in versions of Flash automatically.
The company also recommends that people who use Adobe AIR on Android update to version

Leave a Reply