Adobe released an out-of-band security update to address six critical vulnerabilities, all affecting Adobe Flash Player.
One of the six, a cross-site scripting vulnerability identified as CVE-2011-2444, is reportedly being exploited in the wild in targeted attacks that involve malicious links sent to targets through email messages.
Adobe attributed the discovery of CVE-2011-2444 to Google, which, in response to finding the vulnerability, issued an update for the Google Chrome browser to prevent attackers from exploiting the security hole.
Users are strongly advised to apply the patches as soon as possible, especially since exploiting any of the addressed vulnerabilities can lead to either remote code execution or information disclosure.
Note that users who run multiple browsers may need to update each browser separately. Users can visit this page in each of their browsers to check if they have the latest version of Adobe Flash Player installed, and this page to update.
Here is the list of Adobe Flash Player versions affected by the vulnerabilities addressed in this update:
- Flash Player 10.3.183.7 and earlier
- Flash Player 10.3.183.7 and earlier for network distribution
- Flash Player 10.3.186.6 and earlier for Android
- Flash Player 10.3.183.7 and earlier for Chrome users
We will update this post once we find more information about the exploit.