Adobe Fixes Actively Exploited Flash Player XSS Flaw



Adobe has released a new update for Flash Player in order to address a cross-site scripting (XSS) vulnerability that is being actively exploited in the wild.

"This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website," Adobe warns in its security bulletin.

There are reports of this vulnerability being exploited in email-based attacks that try to convince users to click on maliciously-crafted links.

While attacks that include XSSed links in socially engineered emails have been described as proof-of-concept for cross-site scripting exploitation many times in the past, the technique has rarely been spotted in the wild.

This means the attacks mentioned by Adobe, which are targeted in nature, are rather unusual. The vulnerability is rated as "important" and Adobe recommends that users upgrade to Flash Player 10.3.181.22 for Windows, Macintosh, Linux and Solaris, and 10.3.181.23 for ActiveX. The update for Android is expected later this week.

Usually, Flash Player vulnerabilities also impact Adobe Reader and Acrobat because of the bundled AuthPlay.dll component that enables Flash playback support in PDF documents.

More details here: http://news.softpedia.com/news/Adobe-Fixes-Actively-Exploited-Flash-Player-XSS-Flaw-204376.shtml
