Adobe has managed to uncover a zero-day cross-site scripting flaw in all versions of their Flash software, where the company believed that it was exploited recently to compromise a bunch of high-profile Google Gmail accounts – and good news for Gmail users, Adobe has managed to patch up that hole, so you can be rest assured that if your account ever gets hacked, it cannot be attributed to this security flaw.
Originally being exploited in drive-by download attacks, this flaw is now no more – thanks to Adobe’s release of the out-of-cycle update for Flash that will make sure Flash on Windows, Mac OS X , Android, Linux and Solaris will run just fine and dandy.
Originally, when one clicks on a malicious link or decides to drop by a rogue Website, the Flash vulnerability will start automatically, performing action(s) prior to explicit user authorization. According to Adobe, such attacks might be used to impersonate a user on different sites, where among them include Web-based email services and financial Websites. Well, as long as it is fixed, we’re happy.RELATED