Adobe issues second emergency patch for Flash Player this month

Adobe has released a critical security update for its Flash Player plug-in for Windows, Mac and Linux - the second in less than three weeks. The update addresses a zero-day exploit first uncovered by security firm FireEye a week ago that targeted visitors of at least three nonprofit websites.

The security firm said Peterson Institute for International Economics (PIIE.com), the American Research Center in Egypt (ARCE.org) and the Smith Richardson Foundation (SFR.org) were all compromised using remote code injection. Traffic to these sites was redirected to a server that contained a hidden iframe running the exploit.

Given the nature of the nonprofits, FireEye said they believe those responsible for the attacks have sufficient resources and are committed to infecting those visiting a particular type of website. Two of the sites in question focus on national security and public policy which led the firm to speculate that the attackers infected visitors for follow-on data theft.

In a security bulletin on the matter, Adobe said Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh, version 11.2.202.336 and earlier versions for Linux, AIR 4.0.0.1390 and earlier versions for Android, AIR 3.9.0.1390 SDK and earlier versions and AIR 3.9.0.1390 SDK & Compiler and earlier versions are all affected.

The new version of Flash Player for Windows and Mac is 12.0.0.70 while the newest for Linux is 11.2.202.341. Naturally, you'll want to download and apply the patch ASAP.