Attackers are exploiting zero-day vulnerabilities in order to redirect users to Web sites with malicious Flash content, says Adobern
Adobe Systems yesterday patched three new vulnerabilities in Flash Player which are being used by hackers to attack Firefox users.
The vulnerabilities are being used by attackers to home in on zero-day vulnerabilities in the media player browser plug-in.
The patched versions of Flash Player for Windows, Mac, and Linux can be downloaded from Adobe’s Web site.
The Networkworld.com report said Mozilla has not replied to questions about the attack which according to Adobe singles out Firefox.
In January Mozilla had taken steps secure Firefox. The company said it was automatically disabling all plug-ins in Firefox except for the latest version of Adobe’s Flash Player.
Mozilla said this was to safeguard users against drive-by attacks, which trigger exploits when victims visit a compromised Web site.
Experts worry over Oracle’s security record
Since the attacks mentioned by Adobe involve unpatched flaws in the latest version of Flash Player, Mozilla’s maneuver might not have protected Firefox users.