An unexpected Adobe Flash Player was released addressing. The update addresses a universal cross-site scripting vulnerability (CVE-2011-2107) which could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website.
Adobe indicated that there are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.
Release date: June 5, 2011
Vulnerability identifier: APSB11-13
CVE number: CVE-2011-2107
Platform: All Platforms
Standing InstructionsAlthough Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, the direct download links are as follows:
- IE: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
- Non-IE (Opera, Firefox etc) http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe
Verify InstallationTo verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.
Do this for each browser installed on your computer.
- Adobe Security Advisory: Security Bulletins: APSB11-13 - Security Update available for Adobe Flash Player
- Adobe PSIRT Blog: Security update available for Adobe Flash Player (APSB11-13)