TechTarget

Adobe releases Flash zero-day patch for universal cross-scripting vulnerability

Adobe has released an out-of-cycle security update for Flash Player just days after learning of a new zero-day vulnerability.

Adobe has released an out-of-cycle security update for Flash Player just days after learning of a new zero-day vulnerability.

The vulnerability affected Flash Player 10.3.181.16 and earlier versions on Windows, Macintosh, Linux and Solaris, and Android version 10.3.185.22 and earlier.

Despite the speed of the patch release, the vulnerability did not get the top "critical" rating, but is still rated "important".

The "important" status denotes a vulnerability which could compromise data security, allowing hackers access to confidential data, or could compromise processing resources in a user's computer.

"This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website," Adobe said in a security bulletin.

According to Adobe, the vulnerability is being exploited in the wild, in active, targeted attacks tricking the user into clicking on a malicious link delivered in an e-mail message.

Adobe recommends users of the affected versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.181.22 or 10.3.181.23 for ActiveX.

The firm expects to release an update for Flash Player 10.3.185.22 for Android later this week.

Adobe investigated the flaw in Adobe Reader and Acrobat versions 10.x and 9.x for Windows and Macintosh, but said it was unaware of zero-day attacks against those platforms.

Google has updated its Chrome web browser, also affected by the vulnerability.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close