Adobe issued a new security update for its Adobe Flash Player on Sunday, fixing a vulnerability that has been categorized as being, ‘important’. The important rating is Adobe’s second highest security rating behind ‘critical’ and above ‘moderate’.
The important flaw is a cross site scripting (XSS) vulnerability that affects Windows, Macintosh, Linux, Solaris and Android versions of Flash Player. According to Adobe, the flaw is already being exploited in the wild via malicious email links.
“This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website,” Adobe warned it is advisory.