Hackers exploiting Flash Player XSS vulnerability

Hackers exploiting Flash Player XSS vulnerability

Summary: Adobe releases a Flash Player update in response to reports that a cross-site scripting vulnerability is being exploited in the wild in active targeted attacks.

SHARE:

Adobe has released another Flash Player update to fix a serious security vulnerability that could expose Windows, Mac OS X, Linux and Solaris users to cross-site scripting attacks.

"This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website," Adobe warned in an advisory.

The release of this Flash Player patch follows reports that the vulnerability is being exploited in the wild in active targeted attacks.

In the targeted attacks, Adobe said users are being tricked into clicking on a malicious link delivered in an email message.follow Ryan Naraine on twitter

Adobe recommends users of Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.181.22 (10.3.181.23 for ActiveX). Adobe expects to make available an update for Flash Player 10.3.185.22 for Android during the week of June 6, 2011.

The company said it is still investigating the impact to the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions of Adobe Reader and Acrobat for Windows and Macintosh operating systems.

Topics: Linux, Enterprise Software, Hardware, Open Source, Operating Systems, Servers, Software, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

28 comments
Log in or register to join the discussion
  • Linux is safe

    it's only a windoze & machinto$h issue
    Linux Geek
    • RE: Hackers exploiting Flash Player XSS vulnerability

      @Linux Geek Learn to read my resident jester, learn to read !!!
      1773
    • RE: Hackers exploiting Flash Player XSS vulnerability

      @Linux Geek

      Of course it is - there are too few Linux users to be counted in this context... BTW, the bulletin quoted from Adobe specifically states "Adobe recommends users of Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris update..." to the latest version. Dream on, dream on...
      Den2010
    • DOH! Better get those glasses updated.

      @Linux Geek if you read the post above, it says that Adobe recommends updating for Windows, Mac, Linux, Solaris, etc. So, guess it's a universal problem. Just because it can't run as system software doesn't mean it's not a problem!
      geekybryan
    • RE: Hackers exploiting Flash Player XSS vulnerability

      @Linux Geek

      Sad that more and more clueless Linux users are becoming PEBKAC weak links just like you.

      https://encrypted.google.com/#hl=en&q=pebkac

      [i]~~~~~~~~~~
      Art, like morality, consists of drawing the line somewhere.
      ~ G.K. Chesterton[/i]
      WinTard
    • Only because it's just been patched.

      @Linux Geek
      The update appeared in the repository this evening, and you're only safe if you've installed it already. Or uninstalled Flash entirely, I suppose.
      Zogg
    • RE: Hackers exploiting Flash Player XSS vulnerability

      @Linux Geek
      You are such an ignorant troll aren't you.
      shellcodes_coder
    • RE: Hackers exploiting Flash Player XSS vulnerability

      @Linux Geek Not true. Applies to all versions of flash. Plus XSS is a browser level exploit.
      snoop0x7b
    • RE: Hackers exploiting Flash Player XSS vulnerability

      @Linux Geek You must be a devil with the ladies... "Hi, I'm LG. Do you use Linux? I use Linux. Everyone needs to have a relationship with our savior, Linux. Wanna come to my Linux party this Friday? It's just me and my keyboard, but, you know...".

      Strive to have more in your life than just your OS and keyboard.
      ddferrari
  • Wow, can we just dump Flash already?

    Seriously.... what a bloated piece of crapware on all platforms.

    I give full credit to MS for making Silverlight, and full credit to Apple for telling Adobe to buzz off.

    Now.... all we need is silverlight to work everywhere...
    croberts
    • RE: Hackers exploiting Flash Player XSS vulnerability

      @croberts

      Silverlight already does... On PS3, Xbox, iPhone, iPad, and Android. Anybody using Netflix? Cuz, it's based on Microsoft's Silverlight.

      Proof? https://encrypted.google.com/#hl=en&q=netflix+uses+silverlight

      [i]~~~~~~~~~~
      The true civilization is where every man gives to every other every right that he claims for himself.
      ~ Robert Ingersoll, 1833-1899[/i]
      WinTard
      • RE: Hackers exploiting Flash Player XSS vulnerability

        @WinTard
        As far as I know Silverlight won't work on sites like Youtube, and until it does, it won't replace the craptastic Flash POS.
        winky the barbarian
    • RE: Hackers exploiting Flash Player XSS vulnerability

      @croberts

      Nah we don't need another proprietary crap from Microsoft. HTML5 is the future, not silverlight or flash
      shellcodes_coder
      • RE: Hackers exploiting Flash Player XSS vulnerability

        @shellcodes_coder spot on.
        pc_techs_ct
      • RE: Hackers exploiting Flash Player XSS vulnerability

        @shellcodes_coder

        Like I said in an earlier post. Apple has software on their app store for $39.95 drag & drop HTML5, plus if you can actually program, it allows you to add extra code.
        Jesster
    • not on Linux...

      @croberts To run silverlight on Linux you have to install a crap load of dependencies under the heading "mono." If you scroogle that up you'll see reports of horrific bugginess, resource hogging, and raging debates on the use of non-"free" code in the Linux environment.

      Mono crapped up a test unit I had so bad it was easier to reinstall than try to rip it's moldy tentacles out of the system.

      I've never gotten silverlight to work anything close to acceptable on Linux, and as they say: "go figure." HTML5 works wonderfully. I agree that's the way to go into the future, except they need a "Manhattan project" to get the thing off the drawing boards...
      pgit
  • RE: Hackers exploiting Flash Player XSS vulnerability

    Cross site scripting is not an attack on the platform. It's an attack on the browser and server so no OS is safe/unsafe because no OS is directly attacked. Of course, that's not going to help you any if an attacker gains your passwords and/or other sensitive information!

    This is a Flash problem but it's also a problem that many web developers are not programmers. Their reliance on products like Flash is itself a huge security problem.
    cwt001
    • RE: Hackers exploiting Flash Player XSS vulnerability

      @cwt001 <br><br>iOS has no Flash, therefore iOS is safe.
      bannedagain
      • RE: Hackers exploiting Flash Player XSS vulnerability

        @bannedagain Uh... No. It's safe from THIS particular XSS attack, but not safe from XSS attacks in general.
        snoop0x7b
  • Flash !!!

    Ah Flash, the ultimate Trojan - Adobe software should be banned from all computers - it's some of the worst software out there
    archangel9999