Adobe has been forced to rush out an out-of-cycle patch to fix a zero-day universal cross-site scripting vulnerability which affects the firm's Flash Player software and is already being exploited in the wild.
The flaw has been rated 'important' by Adobe, one level below the highest 'critical' rating, meaning that it would compromise data security if exploited.
The vulnerability affects Adobe Flash Player 10.3.181.16 and earlier for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier for Android.
"This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any web site or webmail provider, if the user visits a malicious web site," noted Adobe in a security update.
"There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message."
Adobe is recommending that users of Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris download the latest version of the software from the Adobe Flash Player Download Center.
An update for Flash Player 10.3.185.22 for Android is expected during the week of 6 June.