Adobe’s security team is rushing to deploy a multiple operating system patch for a cross-site scripting Flash Player flaw that has reportedly been used in targeted attacks.
The flaw could allow the attacker take over an affected system by tricking an email recipient into clicking a booby-trapped link, Adobe warned.
“This universal cross-site scripting issue could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website,” it said.
Flash Player for Windows, Macintosh, Linux, Solaris (version 10.3.183.7) and Android (version 10.3.186.6) are affected, according to Adobe. It urged users to update to 10.3.183.10 and 10.3.186.7 respectively.
Google had alerted Adobe to the flaw last Thursday, triggering an initial update for Chrome as part of the pair’s agreement to ship Chrome with Flash.
Google released an updated browser on Tuesday, while Adobe’s wider patch is expected to be released on Wednesday.