September 21, 2011

Flash to get update for zero-day bug

UPDATE: The patches are now live

Adobe on Wednesday plans to release an update to its Flash Player to patch a number of vulnerabilities, including one that is being actively exploited.

The update to Flash 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris is expected to include several fixes.

But the primary reason for the emergency update is to resolve a flaw, rated "important," that is being leveraged in ongoing, targeted attacks in which adversaries are attempting to trick users into clicking on a malicious link contained in an email, according to Adobe. A successful exploit could lead to a cross-site scripting attack by which criminals could take website actions on the victim's behalf.

Wednesday's planned release, which also will bring Flash 10.3.186.6 for Android up to date, includes fixes for a number of other vulnerabilities – these rated "critical" – but none are being actively used in attacks. However, a successful exploit could result in a full system takeover.

The updates are due in the early evening EST. Google, meanwhile, already has fixed the issue in the latest version of Chrome.

Related Articles
Related Topics

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.