Adobe has released an out-of-cycle security update for Flash Player just days after learning of a new zero-day vulnerability.
The vulnerability affected Flash Player 10.3.181.16 and earlier versions on Windows, Macintosh, Linux and Solaris, and Flash Player 10.3.185.22 and earlier versions on Android.
Despite the speed of the patch release, the vulnerability did not get the top "critical" rating, but is still rated "important".
The "important" status denotes a vulnerability which could compromise data security, allowing hackers access to confidential data, or could compromise processing resources in a user's computer.
"This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website," Adobe said in a security bulletin.
According to Adobe, the vulnerability is being exploited in the wild in active, targeted attacks that trick the user into clicking on a malicious link delivered in an e-mail message.
Adobe recommends that users of the affected versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.181.22, or to 10.3.181.23 for ActiveX.
The firm expects to release an update for Flash Player 10.3.185.22 for Android later this week.
Adobe investigated the flaw in Adobe Reader and Acrobat versions 10.x and 9.x for Windows and Macintosh, but said it was unaware of zero-day attacks against those platforms.
Google has updated its Chrome web browser, which was also affected by the vulnerability.