The Last HITB Security Conference in Malaysia

Hands-on Technical Trainings - 13th & 14th October

Triple-Track Conference - 15th & 16th October


Capture the Flag - 15th & 16th October

HackWEEKDAY - 15th & 16th October

CommSec Village - 15th & 16th October


Adobe ships zero-day vulnerability patch for Flash Player

Hot on the heels of its Shockwave and Robohelp patches, Adobe has issued a patch for seven critical flaws in its Flash Player, including a zero-day universal cross-site scripting vulnerability.

The cross-site scripting flaw could be used “to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message (Internet Explorer on Windows only)”, Adobe explained in its security bulletin.

The other six vulnerabilities could be used to crash systems as well as to take control of them, although Adobe has not seen any attacks in the wild targeting these other flaws. Vulnerable products include Adobe Flash Player and earlier versions for Windows, Macintosh, Linux, and Solaris; Adobe Flash Player and earlier versions for Android 4.x; and Adobe Flash Player and earlier versions for Android 3.x and 2.x.