News Stay informed about the latest enterprise technology news and product updates.

Adobe Flash Player security update repairs dangerous XSS issue

Adobe said it is tracking reports that at least one of the coding errors is being actively targeted by attackers.

Adobe Systems Inc. has issued a critical Flash Player security update, repairing six vulnerabilities and at least one flaw being actively targeted by cybercriminals in an email attack.

 The flaw, an Adobe Flash Player cross-site scripting (XSS) vulnerability, could be used against a user once they are tricked into visiting a malicious website, Adobe said. The critical update affects all versions of Adobe Flash Player running on Windows, Macintosh, Linux and Solaris, as well as the mobile version for Google Android devices.

“These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe said in its security advisory, issued Wednesday.

Adobe recommends users upgrade to Adobe Flash Player or Adobe Flash Player for Android The update fixes a variety of errors that could cause the browser to crash, allow information disclosure and enable attackers to execute code.

At least one of the flaws, a memory corruption vulnerability, was discovered by security researchers at Fortinet Inc.  Danish vulnerability clearinghouse Secunia gave the Adobe Flash Player security update a “highly critical” rating.  “Certain unspecified input is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site,” Secunia said in its advisory.

Dig Deeper on Microsoft Patch Tuesday and patch management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.