Adobe Releases Emergency Update for Flash Player
On June 5, 2011, Adobe released a security patch outside its usual update cycle, fixing a vulnerability in its Flash Player software that hackers are reportedly exploiting, crn.com reported on June 6, 2011.
It's also reported that Adobe rated the vulnerability "important", a ranking it gives to marginally less severe security flaws. The vulnerability is a universal XSS (cross-site scripting) flaw in Flash Player, affecting version 10.3.181.16 and earlier for Mac OS X, Solaris, Windows and Linux, along with Flash Player 10.3.185.22 and earlier for Android.
According to Adobe, attackers who exploit the flaw can use their malware-laden websites to take arbitrary actions on the affected PC or Android device.
In an attack, a malicious web link is sent to the victim by e-mail, and the victim is then manipulated into clicking it. This is done with a social engineering tactic that fools the victim into viewing a message that appears to come from someone familiar to him. When he clicks the link, he allows the download of malware onto his system that exploits the Flash Player's XSS flaw, reports Crn.com.
Additionally, specialists remark that although attacks involving XSS web links in socially engineered e-mails have on several occasions been presented as proof-of-concept (PoC) for XSS abuse, it's rather uncommon to find the technique actually used on the Web. This implies that the targeted attacks Adobe mentions are more or less rare.
Normally, flaws in Flash Player also affect Adobe Acrobat and Reader because of their built-in AuthPlay.dll component, which provides Flash playback support in PDF documents.
Adobe is still investigating whether the AuthPlay.dll component in Acrobat and Reader has the XSS vulnerability too. Adobe states that there are no existing malware attacks abusing the vulnerability against Acrobat and Reader; still, users mustn't take chances.
Graham Cluley, Senior Technology Consultant at Sophos, said that whatever OS an end user runs, with Adobe's publication of the Flash Player vulnerability, users first and foremost need to install the patch to remain safe from the problem. Eweek.com reported this on June 6, 2011.
» SPAMfighter News - 15-06-2011