Adobe Issues Out-of-Cycle Update to Mitigate Cross-Site Scripting Vulnerability in Flash Player

Recently, Adobe released an out-of-cycle security update for Flash Player to mitigate a universal cross-site scripting flaw.

Albuquerque, NM (prHWY.com) June 7, 2011 - Cybercriminals constantly strive to identify and exploit security flaws in software products. Recently, Adobe released an out-of-cycle security update for Flash Player to mitigate a universal cross-site scripting flaw, which attackers are reportedly exploiting in the wild. The vendor has rated the vulnerability as important. Adobe rates those vulnerabilities as important, which enable attackers to compromise data, allow unauthorized access to confidential information, or compromise processing resources on a victim's computer system. In this case, attackers entice users to click on a malicious link delivered in a specially crafted e-mail. The purpose of the attack is to steal log in credentials of online accounts. Usually, attackers use the extracted information to gain unauthorized access to online accounts or e-mail service on behalf of the user. In this case, attackers are reportedly exploiting the automatic forwarding feature in Gmail accounts, to gain unauthorized access. When users click on the given link and visit a malicious website, while still being logged on to e-mail account, the attackers address is added to the user's account. Attackers may come up with different variants and also target other web mail services.

The security update applies to Flash Player 10.3.181.16 and prior versions for Windows, Macintosh, Linux and Solaris users. Google has updated Chrome stable channel to provide protection against the latest vulnerability. The zero-day vulnerability also affects Flash Player 10.3.185.22 and prior versions for Android. The vendor expects to deliver a Flash player update for Android users in the coming days.

Adobe products are one of the popular targets of cybercriminals. Software products are prone to vulnerabilities caused by programming errors, human error, and wrong assumptions on user usage and environment among others. Usually, professionals qualified in penetration testing test the strength of the products and identify vulnerabilities. In this case, security researchers at Google identified and alerted Adobe on the vulnerability.

Security researchers have advised users to immediately update to the latest version to prevent attackers from exploiting the vulnerability. Users must verify the authenticity of the e-mails, before disclosing any information. They must avoid clicking on suspicious links in e-mails and those coming from dubious sources. Attackers may send specially crafted e-mails with enticing subject lines. E-mails arriving from scammers may also contain attachments. Users must be wary of downloading e-mail attachments arriving from unknown sources, attachments with suspicious file names, with risky extensions, and files with double extensions.

Attackers are allegedly actively exploiting the vulnerability by launching target-based attacks. Targeted attacks on employees of an organization may lead to disclosure of privileged information. Employees may open files or click on links in e-mails, as they appear to come from a legitimate source, and inadvertently provide unauthorized access to corporate accounts. Security blogs, e-learning and online computer degree programs may help employees to gain insights on latest security threats, precautionary measures and security guidelines.

Professionals qualified in IT master's degree or computer science degree may facilitate timely identification and application of requisite security updates. Developers must regularly evaluate software products to detect and mitigate security flaws.

Professionals may benefit from online technology degree programs to get acquainted with latest technological developments and bring improvements in software products.

Contact Press

EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

###

Tag Words: software, vulnerabilities, log in credentials, gmail, flash player, adobe, online accounts, windows, macintosh, linux, solaris, android, google, chrome

Categories: Internet

Link To This Press Release:

URL HTML Code