Adobe patches Flash bug hackers are already exploiting
Adobe on Wednesday patched six vulnerabilities in Flash Player, including one it admitted is already being exploited by attackers. That vulnerability, identified as CVE-2011-2444, shares some traits with an earlier Flash flaw that was used to target Gmail accounts in June.
Adobe labeled CVE-2011-2444 as a cross-site scripting (XSS) vulnerability, a class of bugs often used by identity thieves to steal usernames and passwords from vulnerable browsers. In this case, browsers were not directly targeted; rather, attackers exploited the ubiquitous Flash Player browser plug-in.