Just a little over a day after Microsoft revealed a massive Internet Explorer vulnerability, Adobe is pushing out an emergency security update to patch the Flash-enabled flaw. In other words, if you're an IE user (and statistically 26 per cent of you are), go and download it right now.
While the flaw affected virtually all versions of IE, any attacks looking to take advantage of the vulnerability would have to get in through Adobe's Flash Player software. Krebs on Security explains:
That advisory credits Kaspersky Lab with reporting the vulnerability, and indeed Kaspersky published a blog post today detailing two new exploits that have been spotted in the wild attacking this vulnerability. Both exploits, according to Kaspersky, have been used in so-called "watering hole" espionage attacks, an increasingly common attack technique involving the compromise of legitimate websites specific to a geographic area which the attackers believe will be visited by end users who belong to the organisation they wish to penetrate.