Adobe has released a critical update today for its Flash Player software. The patch fixes six security vulnerabilities, at least one of which is a zero-day vulnerability being actively exploited in the wild.
Adobe's security bulletin explains: "This update resolves a common cross-site scripting issue that could be used to act on your behalf on an Internet site or e-mail service provider if the user visits a malicious Web site (CVE-2011-2444)," and adds: "Note: There are reports that this vulnerability is being actively exploited in the wild in targeted attacks that induce users to click a malicious link delivered in an e-mail."
The zero-day bug is similar to a Flash bug that was patched in June. Coincidentally, both the June vulnerability and the one patched now were reported to Adobe by Google.
I have seen no indication that the official Flash zero-day has nothing to do with the hack that compromised DigiNotar digital certificates used to authenticate legitimate sites, but the timing seems right.
Similarly, flaws in the ubiquitous Adobe Flash were used to infiltrate RSA Security and compromise the encryption keys used in RSA SecurID two-factor authentication tokens. Flash was also DigiNotar's Achilles' heel.
Adobe Flash is almost universal. With Adobe Flash Player and browser plug-ins available for virtually all operating systems and browsers, this zero-day flaw potentially affects 90 to 95 percent of computers worldwide.
Andrew Storms, director of security operations at nCircle, connects the dots. "Adobe said today that the defect 'could be used to act on your behalf on webmail providers.' I think we can interpret this to mean that a successful attack on this zero-day bug could allow an attacker to access a user's Gmail account."
Storms declared, "It is time for all IT teams to circle the wagons and patch Flash as soon as possible."
I'll see Storms' "IT teams" and raise it to "all those who use Flash." Go download and install the Adobe Flash update now.