Adobe releases Flash zero-day patch for universal cross-scripting vulnerability


Warwick Ashford

Adobe has released an out-of-cycle security update for Flash Player just days after learning of a new zero-day vulnerability.

The vulnerability affected Flash Player and earlier versions on Windows, Macintosh, Linux and Solaris, and Android version and earlier.

Despite the speed of the patch release, the vulnerability did not get the top "critical" rating, but is still rated "important".

The "important" status denotes a vulnerability which could compromise data security, allowing hackers access to confidential data, or could compromise processing resources in a user's computer.

"This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website," Adobe said in a security bulletin.

According to Adobe, the vulnerability is being exploited in the wild in active, targeted attacks that trick the user into clicking on a malicious link delivered in an e-mail message.

Adobe recommends users of the affected versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player or for ActiveX.

The firm expects to release an update for Flash Player for Android later this week.

Adobe investigated the flaw in Adobe Reader and Acrobat versions 10.x and 9.x for Windows and Macintosh, but said it was unaware of zero-day attacks against those platforms.

Google has updated its Chrome web browser, which is also affected by the vulnerability.
