Adobe issues emergency patch for flash

[mike123abc]

http://www.tomsguide.com/us/adobe-patch-zero-day-syria,news-18700.html

Interesting a couple zero day exploits being used in Syria... I wonder if Russian hackers supplied them?

Adobe issued an emergency patch today (Apr. 28) for a critical security flaw in Adobe Flash Player currently being used in two different zero-day exploits targeting Syrian dissidents. Windows, Mac and Linux are affected, and users should make sure browsers and any other program that uses Flash receives the Adobe updates.

The flaw, catalogued as CVE-2014-0515, lets attackers infect Web browsers through drive-by downloads from corrupted websites, and from there install and use more malware without a computer user's knowledge.

If the Syrian government, or an associated group, is behind the attacks, the next question is: How did it find and exploit this previously unknown flaw? Zero-day vulnerabilities and exploits are valuable digital weapons and are bought and sold in malware gray markets. The National Security Agency and foreign intelligence agencies are assumed to be the biggest buyers of zero-days, purchasing them either to use in offensive operations or to prevent criminals and rival intelligence agencies from using them.