ALL >> Computers >> View Article
Adobe's Releases Out-of-cycle Update To Address Cross-site Scripting Vulnerability In Flash Player
Cybercriminals constantly strive to identify and exploit security flaws in software products. Recently, Adobe released an out-of-cycle security update for Flash Player to mitigate a universal cross-site scripting flaw, which attackers are reportedly exploiting in the wild. The vendor has rated the vulnerability as important. Adobe rates those vulnerabilities as important, which enable attackers to compromise data, allow unauthorized access to confidential information, or compromise processing resources on a victim’s computer system. In this case, attackers entice users to click on a malicious link delivered in a specially crafted e-mail. The purpose of the attack is to steal log in credentials of online accounts. Usually, attackers use the extracted information to gain unauthorized access to online accounts or e-mail service on behalf of the user. In this case, attackers are reportedly exploiting the automatic forwarding feature in Gmail accounts, to gain unauthorized access. When users click on the given link and visit a malicious website, while still being logged on to e-mail account, the attackers address is added to ...
... the user's account. Attackers may come up with different variants and also target other web mail services.
The security update applies to Flash Player 10.3.181.16 and prior versions for Windows, Macintosh, Linux and Solaris users. Google has updated Chrome stable channel to provide protection against the latest vulnerability. The zero-day vulnerability also affects Flash Player 10.3.185.22 and prior versions for Android. The vendor expects to deliver a Flash player update for Android users in the coming days.
Adobe products are one of the popular targets of cybercriminals. Software products are prone to vulnerabilities caused by programming errors, human error, and wrong assumptions on user usage and environment among others. Usually, professionals qualified in penetration testing test the strength of the products and identify vulnerabilities. In this case, security researchers at Google identified and alerted Adobe on the vulnerability.
Security researchers have advised users to immediately update to the latest version to prevent attackers from exploiting the vulnerability. Users must verify the authenticity of the e-mails, before disclosing any information. They must avoid clicking on suspicious links in e-mails and those coming from dubious sources. Attackers may send specially crafted e-mails with enticing subject lines. E-mails arriving from scammers may also contain attachments. Users must be wary of downloading e-mail attachments arriving from unknown sources, attachments with suspicious file names, with risky extensions, and files with double extensions.
Attackers are allegedly actively exploiting the vulnerability by launching target-based attacks. Targeted attacks on employees of an organization may lead to disclosure of privileged information. Employees may open files or click on links in e-mails, as they appear to come from a legitimate source, and inadvertently provide unauthorized access to corporate accounts. Security blogs, e-learning and online computer degree programs may help employees to gain insights on latest security threats, precautionary measures and security guidelines.
Professionals qualified in IT masters degree or computer science degree may facilitate timely identification and application of requisite security updates. Developers must regularly evaluate software products to detect and mitigate security flaws.
Professionals may benefit from online technology degree programs to get acquainted with latest technological developments and bring improvements in software products.
Add Comment
Computers Articles
1. 00al556 Ibm 550-watts Platinum Power Supply For X3650 M4: Reliable And Energy-efficient Power For Enterprise ServersAuthor: Server Tech Central
2. Iot Identity And Access Management (iam) Market : Driving Secure Innovation In Connected Ecosystems
Author: Umangp
3. Why Should You Plan Blinkit Onboarding Before Market Expansion And How Can Zane Marketing Help You Grow Faster
Author: Zane Marketing
4. Customer Identity And Access Management (ciam) Market : Strengthening Security And Customer Trust
Author: Umangp
5. How To Start Your Website Redesign Project?
Author: brainbell10
6. Sap Compliance In Manufacturing: Closing The Gaps Grc Leaves Behind
Author: Mansoor Alam
7. Speech Analytics Market : Unlocking Actionable Insights From Customer Conversations
Author: Umangp
8. Data Preparation Tools Market: How Ai And Cloud-based Solutions Are Transforming Modern Data Workflows
Author: Umangp
9. How To Setup And Create Instagram Ads?
Author: brainbell10
10. Why Digital Business Cards Are The Future Of Professional Networking
Author: WhyTap
11. End To End Sataware Product Development Is The Process Of Identifying Market Opportunities To Hire Flutter Developer, Connecting User Needs And Requir
Author: brainbell10
12. Dynamics Nav To Business Central Upgrade Guide
Author: brainbell10
13. Data Governance Framework: Building Trust In The Digital Age
Author: Umangp
14. A Complete Guide To Dynamics 365 Warehouse Management
Author: brainbell10
15. Conversational Ai In Intelligent Contact Centers: Market Outlook And Future Growth To 2028
Author: Umangp






