Adobe has been forced to rush out an out-of-cycle patch to fix a zero-day universal cross-site scripting vulnerability which affects the firm's Flash Player software and is already being exploited in the wild.
The flaw has been rated 'important' by Adobe, one level below the highest 'critical' rating, meaning that it would compromise data security if exploited.
The vulnerability affects Adobe Flash Player 10.3.181.16 and earlier for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier for Android.
"This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any web site or webmail provider, if the user visits a malicious web site," noted Adobe in a security update.
"There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message."
Adobe is recommending that users of Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris download the latest version of the software from the Adobe Flash Player Download Center.
An update for Flash Player 10.3.185.22 for Android is expected during the week of 6 June.