22 Sep 2011
Posted by synt4x 
Loading ...
The company Adobe Systems has released an emergency update to its Flash Player. It eliminates a critical vulnerability that attackers are actively exploiting to break into computers of end users.
XSS, or cross-site scripting, “operated in practice in active targeted attacks designed to trick users into clicking on malicious link in the email message”, said on Wednesday, Adobe blog. She noted that the bug has been identified as CVE-2011-2444 and that about him said someone from Google, but the details of what people and organizations are under attack, were not available.
Unscheduled update was released a day after Google released a new version of its browser Chrome, which included “an update to Flash Player, eliminating zero-day vulnerabilities.”
Over the last couple of years, Google has found a variety of attacks on users of Gmail and other services. Phishing campaign, discovered in June, was aimed at senior representatives from the U.S. government and military officials and the Chinese political activists. In March the search giant has warned that politically motivated perpetrators exploit a previously unknown vulnerability in all supported versions of Windows, to spy on users of Google.
Flash-vulnerability affects version 10.3.183.7 and earlier versions for Windows, Mac, Linux and Solaris, as well as Flash 10.3.186.6 for Google Android operating system for mobile phones. Those who use the new (higher) version of Flash on a Windows or Mac OS X can automatically install the update after that ask them to do auto-update mechanism, or you can install the update manually by downloading the file here . In some cases, those who use Flash in a few browsers have updated more than once. Those who want to know what version they are using at the moment, can visit this page .
Android users can make updates by visiting the Android Marketplace from their devices.
The patch, released on Wednesday, eliminates, at least five other vulnerabilities that could allow attackers to remotely execute code or to steal potentially sensitive information from computers that use Flash.
