Adobe Fixes Flash Player XSS Flaw, Warns Of Ongoing Attacks

One day after the company released its monthly patch update, Adobe was out again with an emergency update to its Flash Player software, fixing seven holes, six that could lead to remote code execution and one that’s already being exploited in the wild.

Flash patchOne day after the company released its monthly patch update, Adobe was out again with an emergency update to its Flash Player software, fixing seven holes, six that could lead to remote code execution and one that’s already being exploited in the wild.

The company released patch APSB12-03 on Wednesday. The update specifically applies to Adobe Flash Player 11.1.102.55 and earlier builds for Windows, Macintosh, Linux and Solaris and early Android users. It includes a fix for a cross-site scripting vulnerability that is being used in targeted attacks, according to the company’s bulletin Wednesday.

Adobe released APSB12-02 and APSB12-04 on Tuesday as part of its monthly patch release, fixing a critical security vulnerabilities in Shockwave Player, and another affecting its RoboHelp authoring product.

The critical Flash update came a day later. For users who cannot update to the latest version of Flash Player, Adobe’s prepared a patch for Flash Player 10.x and Flash Player 10.3.183.15 that can be downloaded here.

For more information on the update, read the company’s security bulletin here.

Suggested articles