Cross-site scripting (XSS) vulnerability in Adobe Flash Player prior to 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and prior to 10.3.186.7 on Android, allows remote malicious users to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.
Adobe pushed an emergency update to its ubiquitous Flash player yesterday that closed holes on 6 separate vulnerabilities. Of the 6, 4 were related directly to code execution (CVE-2011-2426, CVE-2011-2427, CVE-2011- 2428, CVE-2011-2430) One revolves around a universal cross-site scripting issue (CVE-2011-2444), and the last vulnerability can lead to information disclosure (CVE-2011-2429). We recommend that you update all systems immediately. Adobe also states that CVE-2011-2444 relating to cross...
Adobe Systems has issued an emergency update for its ubiquitous Flash Player that fixes a critical security vulnerability that attackers are actively exploiting to hack end user machines. Code exploiting the universal XSS, or cross-site scripting, bug “is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message,” Adobe said Wednesday in a blog post. It said the bug has been identified as CVE-2011-2444 an...