
Adobe published an unscheduled emergency patch for Flash Player to address critical security issues.

The Flash Player updates, version for desktop operating systems and for Android, are the company’s response to a universal cross-site scripting (XSS) hole.


The vulnerability is already in the sights of attackers looking to bypass the same-origin policy, allowing them to, for example, take actions on a user’s behalf on any web site or steal a victim’s cookies, Adobe said.

For an attack to be successful, a victim must first click on a malicious link. The company said the vulnerability does not affect the Authplay.dll component included in Reader and Acrobat.


The updates also close five other holes; however, the company offered little information about them. Four of the vulnerabilities allow an attacker to remotely execute arbitrary code on a victim’s system. The company also fixed a security control bypass flaw that could lead to information disclosure.

The vulnerability affects Flash Player versions up to and including for Windows, Mac OS X, Linux and Solaris, as well as and earlier for Android. The company advises all users to install the upgrade. Users running Chrome already received the Flash Player update in version 14.0.835.186 of the web browser.
