Adobe rushes patch for serious Flash vulnerability

Adobe (NASDAQ: ADBE) has released an emergency update of its Flash browser plug-in to address a new vulnerability that was disclosed for the first time last Friday. The flaw affects Adobe Flash Player 10.3.181.16 and earlier versions, and is of particular concern because it affects many platforms (Windows, Mac OS X, Linux and Solaris), opening them to cross-site scripting attacks.

According to various reports, the flaw is already being actively exploited in drive-by download attacks. A visit to a malicious website is all it takes to be exploited, with no further user authorization required. The security service SecurityFocus observed that a successful attack "may allow the attacker to steal cookie-based authentication credentials and to launch other attacks." It is also understood that this bug has been used to compromise Gmail accounts by inserting a forwarding address into the user's account settings.

Adobe has also cautioned that the authplay.dll component found in certain versions of Adobe Reader and Acrobat X could be affected by the same flaw, though the company says it is not aware of any attacks.

For more:
- check out this article at InformationWeek
- check out this article at ZDNet
- check out this article at eWeek