Monday, June 6, 2011

Critical Security Update Available For Adobe Flash

Adobe has released patched version of their popular Flash Player. Version 10.3.181.22 (10.3.181.23 for ActiveX) fixes a universal cross-site scripting vulnerability (CVE-2011-2107) that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.

Affected software:
- Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 10.3.185.22 and earlier versions for Android

Patched version for Windows, Macintosh, Linux and Solaris operating systems is available at Adobe Flash Player Download Center. Windows users and users of Adobe Flash Player 10.3.181.16 for Macintosh can install the update via the auto-update mechanism within the product when prompted. Adobe says that they expect to make available an update for Flash Player 10.3.185.22 for Android during the week of June 6, 2011.

More information in Adobe's security bulletin.

No comments: