Adobe has released an emergency patch for a critical vulnerability affecting Flash Player for Windows, Linux and OS X, the exploitation of which can result in an attacker gaining remote control of the victims' systems.
After having worked with Google, Microsoft and Mozilla to incorporate an app sandbox for Flash Player, Adobe has announced that Safari in the recently released OS X Mavericks will also include one.
As promised last year, Adobe has been issuing its scheduled Flash updates on the second Tuesday of each month - the same day that Microsoft chose for its monthly Patch Tuesday.
Day two of the Pwn2Own competition at CanSecWest was again successful for French Vupen security, as they succeeded in exploiting Adobe Flash on Internet Explorer 9 on Windows 7 by chaining together three zero-days (an overflow, a ASLR bypass technique and a IE9 sandbox memory corruption) and earning themselves another $70,000.
With all the Flash Player and Java zero-day vulnerabilities lately getting exploited in attacks, browser vendors are trying to come up with solutions to protect their users without antagonizing them with lengthy hoop-jumping.