Adobe Systems released an emergency security update today that addresses a trio of vulnerabilities in Flash, two of which the company said were already being exploited by hackers.
Today's surprise update -- the company's third for the browser plug-in this month -- patches holes "that could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said in a security bulletin.
"Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a Web site serving malicious Flash content," the advisory stated, identifying the vulnerabilities by their Common Vulnerabilities & Exposures. "The exploit for CVE-2013-0643 and CVE-2013-0648 is designed to target the Firefox browser." Adobe Flash Emergency Zero Day Exploit Patched [news.cnet.com]