Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
  • Go

Adobe Releases Emergency Update for Flash Player

Adobe, on June 5, 2011, released a security patch outside its usual sequence of updates, fixing vulnerability within its Flash Player software, which hackers, reportedly are exploiting, stated crn.com dated June 6, 2011.

It's also reported that Adobe designated the vulnerability "important" a ranking it gives to marginally less severe security flaws. Furthermore, the vulnerability abuses an omnipresent XSS (cross-site scripting) security flaw within Flash Player, especially the 10.3.181.16 edition as well as previous editions for Mac OS X, Solaris, Windows and Linux along with Flash Player 10.3.185.22 as well as previous editions for Android.

Says Adobe, attackers, by exploiting the flaw, can use their malware-laden websites for doing arbitrary things on the affected PC or Android machine.

Further, when an attack is launched, one malevolent web-link is transmitted to the victim through an e-mail followed with manipulating him into clicking on it. This is done with a social engineering tactic that fools the victim into viewing a message, which apparently arrives from someone familiar to him. And when he clicks the web-link, he allows the download of malware onto his system that exploits the Flash Player's XSS flaw, reports Crn.com.

Additionally, specialists remark that although assaults, which involve XSSed web-links within e-mails based on social engineering tactics, have on several occasions been expressed as the proof-of-concept (POC) for XSS abuse, it's rather uncommon to find the technique being played on the Web. This implies that the targeted assaults, which Adobe mentions, are more-or-less rare.

Normally, flaws in Flash Player influence Adobe Acrobat and Reader too due to their inherent AuthPlay.dll component, which facilitates PDF documents to have Flash playback backing.

Evidently, Adobe continues to probe if the AuthPlay.dll component within Acrobat and Reader has the XSS vulnerability too. States Adobe, there aren't any existing malware assaults abusing the vulnerability targeting Acrobat and Reader, still users mustn't take chances.

Senior Technology Consultant Graham Cluley at Sophos said that irrespective of any OS an end-user ran, with Adobe's publication of the Flash Player vulnerability, users, at the foremost, required loading the patch for remaining safe from the problem. Eweek.com reported this on June 6, 2011.

Related article: Adobe Rates Acrobat Vulnerabilities “Critical”

» SPAMfighter News - 15-06-2011

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next