
Adobe issues emergency Flash update for attacks on Windows, Mac - shawndumas
http://arstechnica.com/security/2013/02/adobe-issues-emergency-flash-update-for-attacks-on-windows-mac-users/
======
Osmium
Any info for what the payload is and any info on how to tell if you've been
infected?

Adobe's security advisory says they're aware of these attacks happening in the
wild, so they must presumably know something about it. It would be nice if
they shared these details.

~~~
DanBlake
It says its related to opening a word document with embedded flash, so luckily
its not a true 'drive by' and would require some social engineering to work
since the user has to download and open a .doc

~~~
Osmium
Not true:

"Adobe is also aware of reports that CVE-2013-0634 is being exploited in the
wild in attacks delivered via malicious Flash (SWF) content hosted on websites
that target Flash Player in Firefox or Safari on the Macintosh platform, _as
well as_ attacks designed to trick Windows users into opening a Microsoft Word
document delivered as an email attachment which contains malicious Flash (SWF)
content." [my emphasis]

[https://www.adobe.com/support/security/bulletins/apsb13-04.h...](https://www.adobe.com/support/security/bulletins/apsb13-04.html)

~~~
DanBlake
ah, didn't see that.

------
stuaxo
A linux update - will this only be for chrome, or will is there an update for
firefox too ?

------
martinced
Chrome's sandboxed + automated update approach did apparently work fine again.

I'm still browsing from _inside_ a full VM (KVM)... With Chrome ; )

~~~
drivebyacct2
Why not just use AppArmor or SE?

~~~
hippich
Any details on how to use these except apt-get'ing these?

