Adobe has released an update for Flash Player to counter a cross-site scripting vulnerability, just days after its release. The vulnerability (CVE-2011-2107), rated ‘important’ by Adobe, affects Flash Player 10.3.181.16 and previous versions on several platforms (Windows, OS X, Linux and Solaris), as well as Flash Player 10.3.185.22 and earlier for the Android platform.
The universal cross-site scripting vulnerability can be exploited to take actions on behalf of a user on any Website, once the user visits a malicious Website. Adobe believes that this vulnerability is being exploited in the wild, through the use of targeted attacks delivering malicious links through email.
The vulnerability is rated as ‘important’, which means that it could potentially compromise processing resources on a targeted system as well as compromise data security.
Adobe has said in a security bulletin that it is still investigating the impact of this vulnerability on its ‘Authplay.dll’ component that ships with Adobe Reader and Acrobat X, as well as the software’s previous 9.x and 10.x versions. No attacks appear to have been made against Reader or Acrobat in the wild so far.
Adobe recommends that users of Flash Player 10.3.181.16 update to Flash Player 10.3.181.22 (or 10.3.181.23 for ActiveX). It expects an update for Flash Player 10.3.185.22 for Android to be ready in the first week of June 2011.