Adobe rushes out patch for Flash zero day

Flaw is being used for targeted email attacks.

Adobe’s security team is rushing to deploy a multiple operating system patch for a cross-site scripting Flash Player flaw that has reportedly been used in targeted attacks.

The flaw could allow the attacker take over an affected system by tricking an email recipient into clicking a booby-trapped link, Adobe warned.

“This universal cross-site scripting issue could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website,” it said.

Flash Player for Windows, Macintosh, Linux, Solaris (version and Android (version are affected, according to Adobe. It urged users to update to and respectively.

Google had alerted Adobe to the flaw last Thursday, triggering an initial update for Chrome as part of the pair’s agreement to ship Chrome with Flash.

Google released an updated browser on Tuesday, while Adobe’s wider patch is expected to be released on Wednesday.


Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags Googleadobeattacksflash playersystem patch

More about Adobe SystemsGoogleLinux

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

More videos

Blog Posts