Adobe has patched an “important” vulnerability in the recently released Flash Player 10.3.181.16 and all previous versions for Windows, Macintosh, Linux and Solaris, the San Jose-based company said on Sunday. It has issued a security bulletin (APSB11-13) to address the vulnerability (CVE-2011-2107), which also affects Flash Player 10.3.185.22 and earlier versions for Android.
Adobe recommends that all Windows, Macintosh, Linux and Solaris users running an affected version of the plugin immediately upgrade to the latest version, 10.3.181.22 (10.3.181.23 for ActiveX). A security update for Flash Player 10.3.185.22 for Android is expected to arrive later this week.
From the security bulletin: “This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.”