updated 07:50 am EDT, Mon June 6, 2011
Adobe issues new warning and patch for Flash 10.3
Adobe has identified a new vulnerability that affects its freshly released Flash 10.3 and all previous versions on all desktop platforms, as well as the mobile version for Android. Adobe has classified the threat as important and recommends that all users of Flash Player 10.3 upgrade to the new, patched version immediately. The exploit reaches users through a malicious link embedded in an email message.
Adobe issued this statement on the matter:
“This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.”
The first release of Flash Player 10.3 for desktops was build 10.3.181.16. Desktop installations should now be updated to build 10.3.181.22. The first release build of mobile Flash Player was 10.185.22. Adobe says that it expects to release an updated, patched version for Android sometime this week.