In association with heise online

06 June 2011, 10:16

Flash Player update closes zero-day

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Flash logo Adobe has released an update to Flash Player to close a zero day vulnerability. The "universal" cross-site scripting flaw could, said Adobe, be used to take actions on a user's behalf on any web site or web mail provider once the user had visited a malicious site. The flaw is reportedly already being exploited in "active targeted attacks" with malicious links being delivered by email.

Adobe does not give any more details of the flaw, but it affects version and earlier versions of Flash Player for Windows, Mac OS X, Linux and Solaris and and earlier versions on Android. Adobe recommends that users update to the latest versions of the player, specifically for Windows, Mac OS X, Linux and Solaris, for ActiveX. Users who are unsure what version of Flash they have installed should refer to this page. The latest versions of Flash Player are also available on

Google has also released an update which incorporates the fixes to the Flash player. These updates for the stable version of Chrome brings it up to version 11.0.696.77. The update should download automatically and be installed when the browser is next restarted. Otherwise, users can force the update by selecting "About Google Chrome" under the "Wrench" icon and selecting "Update Now". Google has also updated the beta and dev versions of the browser.

There is currently no update available in the Android Market for the Android version of Flash Player. Adobe is also investigating whether Acrobat Reader and its embedded Flash Player are vulnerable.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit