Adobe patches Flash XXS hole

Powered by SC Magazine
 

Update closes in the wild cross-site scripting vulnerability.

Adobe this week unexpectedly pushed an update to its popular Flash Player to address seven vulnerabilities, including one that was being publicly exploited.

The update to version 11.1.102.62 for Windows, Macintosh, Linux and Solaris includes a fix for a cross-site scripting flaw that was being used in targeted attacks against users of Internet Explorer on Windows, according to a security bulletin.

The bug was being leveraged in emails that tried to lure recipients to click on a link that leads to a malicious website, on which the attackers are able to take actions on the user's behalf.

The other flaws addressed by the update, which were not zero-days, could lead to malicious code execution, the bulletin said.

Wednesday's emergency release from Adobe likely will catch IT administrators off guard, said Andrew Storms, director of security operations at vulnerability management firm nCircle.

"In a perfect world, it would have been nice to get a little advance communication about the zero-day in Flash," he said.

For those organizations that can't update to the current version, Adobe also has made available an update for Flash 10.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Adobe patches Flash XXS hole
 
 
 
Top Stories
Westpac committed to core banking plan
[Blog post] Now with leadership.
 
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  27%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1147

Vote