Skip to main content

Adobe ships zero-day vulnerability patch for Flash Player

posted onFebruary 17, 2012
by l33tdawg

Hot on the heels of its Shockwave and Robohelp patches, Adobe has issued a patch for seven critical flaws in its Flash Player, including a zero-day universal cross-site scripting vulnerability.

The cross-site scripting flaw could be used “to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message (Internet Explorer on Windows only)”, Adobe explained in its security bulletin.

The other six vulnerabilities could be used to crash systems as well as to take control of them, although Adobe has not seen any attacks in the wild targeting these other flaws. Vulnerable products include Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux, and Solaris; Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x; and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x.

Source

Tags

Adobe Security Flash Software-Programming

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th