Peaches
Posted June 7, 2011

Adobe Fixes Actively Exploited Flash Player XSS Flaw

Adobe has released a new update for Flash Player in order to address a cross-site scripting (XSS) vulnerability that is being actively exploited in the wild.

"This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website," Adobe warns in its security bulletin.

There are reports of this vulnerability being exploited in email-based attacks that try to convince users to click on maliciously-crafted links.

While attacks that include XSSed links in socially engineered emails have been described as proof-of-concept for cross-site scripting exploitation many times in the past, the technique has rarely been spotted in the wild.

This means the attacks mentioned by Adobe, which are targeted in nature, are rather unusual.

The vulnerability is rated as "important" and Adobe recommends users to upgrade to Flash Player 10.3.181.22 for Windows, Macintosh, Linux and Solaris and 10.3.181.23 for ActiveX. The update for Android is expected later this week.

Usually, Flash Player vulnerabilities also impact Adobe Reader and Acrobat because of the bundled AuthPlay.dll component that enables Flash playback support in PDF documents.

More details here: http://news.softpedia.com/news/Adobe-Fixes-Actively-Exploited-Flash-Player-XSS-Flaw-204376.shtml