Adobe releases Flash zero-day patch for universal cross-site scripting vulnerability

Warwick Ashford

Adobe has released an out-of-cycle security update for Flash Player just days after learning of a new zero-day vulnerability.

The vulnerability affected Flash Player 10.3.181.16 and earlier versions on Windows, Macintosh, Linux and Solaris, and Flash Player 10.3.185.22 and earlier versions on Android.

Despite the speed of the patch release, the vulnerability did not get the top "critical" rating, but is still rated "important".

The "important" status denotes a vulnerability which could compromise data security, allowing hackers access to confidential data, or could compromise processing resources in a user's computer.

"This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website," Adobe said in a security bulletin.

According to Adobe, the vulnerability is being exploited in the wild in active, targeted attacks that trick the user into clicking on a malicious link delivered in an e-mail message.

Adobe recommends that users of the affected versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.181.22, or to 10.3.181.23 for ActiveX.

The firm expects to release an update for Flash Player 10.3.185.22 for Android later this week.

Adobe investigated the flaw in Adobe Reader and Acrobat versions 10.x and 9.x for Windows and Macintosh, but said it was unaware of zero-day attacks against those platforms.

Google has updated its Chrome web browser, which was also affected by the vulnerability.

