Adobe released an emergency security update today to fix a vulnerability that the company warned is being actively exploited in targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.
The vulnerability, a cross-site scripting bug that could be used to take actions on a user’s behalf on any Web site or Webmail provider, exists in Flash Player version 10.3.181.16 and earlier for Windows, Macintosh, Linux and Solaris. Adobe recommends users update to version 10.3.181.22 (on Internet Explorer, the latest, patched version is 10.3.181.23). To find out what version of Flash you have, go here.
Remember that if you use Internet Explorer in addition to other browsers, you will need to apply this update twice: once to install the Flash ActiveX plugin for IE, and again to update other browsers, such as Firefox and Opera. Updates are available by browsing with the appropriate browser to the Flash Player Download Center.
Bear in mind that updating via the Download Center involves installing Adobe’s Download Manager, which may try to foist additional software. If you’d prefer to update manually, the direct installers for Windows are available at this link.