Adobe Flash Player security update repairs dangerous XSS issue


Adobe Flash Player security update repairs dangerous XSS issue Staff

Adobe Systems Inc. has issued a critical Flash Player security update, repairing six vulnerabilities and at least one flaw being actively targeted by cybercriminals in an email attack.

 The flaw, an Adobe

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

Flash Player cross-site scripting (XSS) vulnerability, could be used against a user once they are tricked into visiting a malicious website, Adobe said. The critical update affects all versions of Adobe Flash Player running on Windows, Macintosh, Linux and Solaris, as well as the mobile version for Google Android devices.

“These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe said in its security advisory, issued Wednesday.

Adobe recommends users upgrade to Adobe Flash Player or Adobe Flash Player for Android The update fixes a variety of errors that could cause the browser to crash, allow information disclosure and enable attackers to execute code.

At least one of the flaws, a memory corruption vulnerability, was discovered by security researchers at Fortinet Inc.  Danish vulnerability clearinghouse Secunia gave the Adobe Flash Player security update a “highly critical” rating.  “Certain unspecified input is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site,” Secunia said in its advisory.