Last week, Adobe issued its regular patch Tuesday update as part of the a regular release cycle. As it turns out, they may have missed at least one flaw.
Adobe is set to release an emergency out-of-cycle patch today, fixing zero day vulnerabilities that affects Flash Player. The new zero day update comes on the same day that Adobe is updating Flash to version 11 providing new 3D graphics capabilities.
“There are reports that one of these vulnerabilities (CVE-2011-2444) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message,” Adobe warned. “This universal cross-site scripting issue could be used to take actions on a user’s behalf on any website or webmail provider if the user visits a malicious website.”