YourITDepo Archives

All Platinum Categories

  • Security
  • Service

    All Platinum Tags

    Archive for September 22nd, 2011

    Adobe Flash Player security update repairs dangerous XSS issue

    Posted on Thursday, September 22nd, 2011

    Adobe Systems Inc. has issued a critical Flash Player security update, repairing six vulnerabilities and at least one flaw being actively targeted by cybercriminals in an email attack.

    The flaw, an Adobe Flash Player cross-site scripting (XSS) vulnerability, could be used against a user once they are tricked into visiting a malicious website, Adobe said. The critical update affects all versions of Adobe Flash Player running on Windows, Macintosh, Linux and Solaris, as well as the mobile version for Google Android devices.

    “These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe said in its security advisory, issued Wednesday.

    Adobe recommends users upgrade to Adobe Flash Player or Adobe Flash Player for Android The update fixes a variety of errors that could cause the browser to crash, allow information disclosure and enable attackers to execute code.

    At least one of the flaws, a memory corruption vulnerability, was discovered by security researchers at Fortinet Inc.  Danish vulnerability clearinghouse Secunia gave the Adobe Flash Player security update a “highly critical” rating.  “Certain unspecified input is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site,” Secunia said in its advisory.

    Posted in Security by | Comments Off on Adobe Flash Player security update repairs dangerous XSS issue