Just a little over a day after Microsoft revealed a massive Internet Explorer vulnerability, Adobe is pushing out an emergency security update to patch the Flash-enabled flaw. In other words, if you're an IE user (and statistically 26 percent of you are), go download it right now.
While the flaw affected virtually all versions of IE, any attacks looking to take advantage of the vulnerability would have to get in through Adobe's Flash Player software. Krebs on Security explains:
That advisory credits Kaspersky Lab with reporting the vulnerability, and indeed Kaspersky published a blog post today detailing two new exploits that have been spotted in the wild attacking this vulnerability. Both exploits, according to Kaspersky, have been used in so-called "watering hole" espionage attacks, an increasingly common attack technique involving the compromise of legitimate websites specific to a geographic area which the attackers believe will be visited by end users who belong to the organization they wish to penetrate.
Update 4/28 6:47pm: The Adobe update that came out today was actually released to resolve this issue, and is unrelated to the larger IE issue that appeared over the weekend.