Adobe patches Flash to fix zero-day XSS vulnerability


SearchSecurity.IN Staff

Adobe has released an update for Flash Player to counter a cross-site scripting vulnerability, just days after its release. The vulnerability (CVE-2011-2107), rated ‘important’ by Adobe, affects Flash Player and previous versions across several platforms — Windows, OS X, Linux and Solaris, and also Flash Player and earlier for the Android platform.

The universal cross-site scripting vulnerability can be exploited to take actions on behalf of a user on any Website, once the user visits a malicious Website. Adobe believes that this vulnerability is being exploited in the wild, through the use of targeted attacks delivering malicious links through email. 

The vulnerability is rated as ‘important’, which means that it could potentially compromise processing resources on a targeted system as well as compromise data security.

Adobe has said in a security bulletin that it is still investigating the impact of this vulnerability on its ‘Authplay.dll’ component that ships with Adobe Reader and Acrobat X, as well as the software’s previous 9.x and 10.x versions. No attacks seem to have been made against Reader or Acrobat in the wild so far.

Adobe recommends that users of Flash Player update to Flash Player for ActiveX). It expects an update for Flash Player for Android to be ready in the first week of June 2011.