Adobe releases Adobe Flash security update in second emergency fix this month

Less than three weeks ago, Adobe released a critical security update for its Flash Player plug-in fixing an exploit that allowed machines to be accessed remotely by attackers.

Yet another security update is out today (and strongly recommended). The new build (Version 12.0.0.70) intends to address a vulnerability that allowed attackers to target at least three nonprofit websites according to security firm FireEye and reported by ArsTechnica

Read more

Yet another Java vulnerability discovered, researchers recommend disabling browser plug-in

url-3

Following an attack on a smaller number of corporate Macs that exploited a flaw in the Java browser plug-in, researchers from security firm FireEye warned users of yet another new Java zero-day vulnerability. According to a blog post published yesterday (via IDG), browsers running Java v1.6 Update 41 and Java v1.7 Update 15 are now vulnerable to a malware attack that installs a remote access tool known as McRAT. The exploit is reportedly different from the one used to attack Facebook, Twitter, Apple, and several other companies last month. Following the earlier attack, Apple released an update to Java for users to version 1.6.0_41. These recent vulnerabilities come after several updates over the last year to Java addressing exploits.

FireEye recommended users disable Java until Oracle addresses the issue:

We have notified Oracle and will continue to work with Oracle on this in-the-wild discovery. Since this exploit affects the latest Java 6u41 and Java 7u15 versions, we urge users to disable Java in your browser until a patch has been released; alternatively, set your Java security settings to “High” and do not execute any unknown Java applets outside of your organization.

Oracle provided the instructions below for uninstalling Java on Mac: Read more