September 26, 2011
Last week Adobe published an unscheduled emergency patch for Flash Player to address many critical security issues.
- Flash Player versions up to and including 10.3.183.7 for Windows, Mac OS X, Linux and Solaris
- Versions 10.3.186.6 and earlier for Android
The Flash Player updates are the company’s response to a recently discovered universal cross-site scripting (XSS) hole. According to Adobe, the vulnerability is already being actively exploited by attackers to bypass the same origin policy, allowing them to, for example, take actions on a user’s behalf on any Web site, or steal a victim’s cookies. For an attack to be successful, a victim must click on a malicious link.