Adobe on Wednesday patched six vulnerabilities in Flash Player, including one it admitted is already being exploited by attackers.
That vulnerability, identified as CVE-2011-2444, shares several traits with an earlier Flash flaw that was used to target Gmail accounts in June.
Adobe labeled CVE-2011-2444 as a cross-site scripting (XSS) vulnerability, a class of bugs often used by identity thieves to steal usernames and passwords from vulnerable browsers. In this case, browsers were not actually targeted; rather, attackers exploited the ubiquitous Flash Player browser plug-in.
Like the June Flash bug, CVE-2011-2444 was reported to Adobe by Google’s security team.
Adobe also used almost identical phrasing to describe both CVE-2011-2444 and the June vulnerability in its security advisories.
“There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message,” said Adobe in Wednesday’s advisory as well as the one it published in June. “This universal cross-site scripting issue could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website.”
Adobe declined to comment on how the CVE-2011-2444 vulnerability was being exploited and instead referred questions to Google. The latter did not immediately reply to an emailed query.
Four of the five other Flash bugs that Adobe patched today could be exploited by attackers to run their malicious code on victimized computers, Adobe said in its advisory.
Wednesday’s Flash update was the first since Adobe patched 13 bugs on Aug. 9. Adobe has fixed Flash eight times so far this year, including several emergency, or “out-of-band,” updates rushed to users because attacks were under way.
The patched versions of Flash Player for Windows, Mac, Linux and Solaris can be downloaded from Adobe’s web site. Alternately, users can run Flash’s update tool or wait for the software to tell them that a new version is available.
Android users must browse to the Android Market to update Flash.
Google silently updated its Chrome browser on Tuesday to include the patched version of Flash Player. Google has been bundling Flash with Chrome since April 2010, and remains the only browser maker to bundle the plug-in with its own releases.