Skip to main content

Adobe ships zero-day vulnerability patch for Flash Player

posted onFebruary 17, 2012
by l33tdawg

Hot on the heels of its Shockwave and Robohelp patches, Adobe has issued a patch for seven critical flaws in its Flash Player, including a zero-day universal cross-site scripting vulnerability.

The cross-site scripting flaw could be used “to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message (Internet Explorer on Windows only)”, Adobe explained in its security bulletin.

The other six vulnerabilities could be used to crash systems as well as to take control of them, although Adobe has not seen any attacks in the wild targeting these other flaws. Vulnerable products include Adobe Flash Player and earlier versions for Windows, Macintosh, Linux, and Solaris; Adobe Flash Player and earlier versions for Android 4.x; and Adobe Flash Player and earlier versions for Android 3.x and 2.x.



Adobe Security Flash Software-Programming

You May Also Like

Recent News

Monday, January 15th

Friday, January 12th

Thursday, January 11th

Wednesday, January 10th