Adobe rushes out patch for Flash zero day

Flaw is being used for targeted email attacks.

Adobe’s security team is rushing to deploy a multiple operating system patch for a cross-site scripting Flash Player flaw that has reportedly been used in targeted attacks.

The flaw could allow the attacker take over an affected system by tricking an email recipient into clicking a booby-trapped link, Adobe warned.

“This universal cross-site scripting issue could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website,” it said.

Flash Player for Windows, Macintosh, Linux, Solaris (version 10.3.183.7) and Android (version 10.3.186.6) are affected, according to Adobe. It urged users to update to  10.3.183.10 and 10.3.186.7 respectively.

Google had alerted Adobe to the flaw last Thursday, triggering an initial update for Chrome as part of the pair’s agreement to ship Chrome with Flash.

Google released an updated browser on Tuesday, while Adobe’s wider patch is expected to be released on Wednesday.

 

Join the CSO newsletter!

Error: Please check your email address.

Tags system patchGoogleattacksflash playeradobe

More about Adobe SystemsGoogleLinux

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

More videos

Blog Posts