Adobe Issues Emergency Security Update to Patch Critical Vulnerabilities in Flash Player
On September 21, 2011, Adobe Systems issued an emergency security update to fix 6 serious vulnerabilities in its widely used Flash Player product, which cyber-criminals are actively exploiting, Msnbc.com reported on September 21, 2011.
Reportedly, Adobe identified one of the flaws addressed as CVE-2011-2444, which shares a few traits with a previous Flash vulnerability that attackers exploited to compromise Gmail accounts in June 2011.
CVE-2011-2444, says Adobe, is an XSS (cross-site scripting) vulnerability of the kind that identity thieves frequently abuse to steal usernames and passwords through weakened Web browsers. In the current instance, however, Web browsers are not targeted directly; instead, cyber-criminals abuse the browser plug-in of the omnipresent Flash Player.
Incidentally, like the vulnerability detected in June 2011, CVE-2011-2444 was also reported to Adobe by Google. What's more, Adobe described the two vulnerabilities with nearly identical phrasing in the respective security advisories.
Adobe stated that it was receiving reports of the latest security flaw being abused online in active targeted attacks designed to deceive end-users into following a malicious web link delivered by e-mail, Eweek.com reported on September 21, 2011.
Describing the XSS flaw, Adobe wrote that remote cyber-criminals could use it to carry out operations on Web-mail accounts or web pages while posing as the end-users themselves.
Adobe further stated that, of the 5 remaining vulnerabilities, 4 could be abused to execute malware on vulnerable PCs, ComputerWorld.com reported on September 21, 2011.
Meanwhile, the Flash security flaw reportedly impacts version 10.3.183.7 and earlier for Windows, Solaris, Linux and Mac, and Flash Player version 10.3.186.6 for Google's Android OS (operating system) used in cell phones.
Adobe advised all of its customers to update their installations to the latest versions as soon as possible.
Graham Cluley, Senior Technology Consultant at Sophos, stated that the newest security update must be treated with the utmost importance: with something as serious as this patch, consumers would be prudent to make sure their PCs are updated with it immediately upon its release, Eweek.com reported.
» SPAMfighter News - 01-10-2011