Cross-site scripting vulnerability discovered in Adobe Flash Player

Adobe issued an update Sunday repairing the Flash Player flaw in the wake of targeted email attacks attempting to exploit the flaw.

Adobe Systems Inc. is taking action to block a cross-site scripting vulnerability in Flash player that it said is being actively exploited by attackers.

Adobe said the vulnerability, rated as important, has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android.

The company advises users to upgrade to version 10.3.185.22. Android users will have to wait until later this week to be completely protected.

The universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website.  Adobe said there are reports that the vulnerability is already being exploited in the wild in targeted attacks designed to trick users into clicking on a malicious link delivered in an email message.

The company recommends that users of Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, should update to Adobe Flash Player 10.3.181.22 (10.3.181.23 for ActiveX).

Adobe added that it is still investigating any impact to the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions of Adobe Reader and Acrobat for Windows and Macintosh operating systems. The company says it is not aware of any attacks targeting Adobe Reader or Acrobat in the wild.

Dig deeper on Application Attacks (Buffer Overflows, Cross-Site Scripting)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close