It’s not often that the US government weighs in on the browser wars, but a new Internet Explorer vulnerability that affects all major versions of the browser from the past decade has forced it to raise an alarm: Stop using IE.
This zero-day exploit is an unpatched flaw in the browser that allows attackers to run malicious code remotely. Security firm FireEye said that it is currently being used to attack financial and defense organizations in the US via Internet Explorer 9, 10, and 11. FireEye recommends that if you can’t switch browsers, that you disable Internet Explorer’s Flash plug-in.
Researchers also warned of a separate active campaign that was targeting a critical vulnerability in fully patched versions of Adobe’s ubiquitous Flash media player.The attacks exploited a previously unknown vulnerability in Flash when people used the Firefox browser to access a booby-trapped page.
While the exploit Kaspersky observed attacked only computers running Microsoft Windows, it is present in the Adobe application built for OS X and Linux machines as well. Adobe has updated all three versions to plug the hole. Because security holes frequently become much more widely exploited in the hours or days after they are disclosed, people on all three platforms should update as soon as possible.