A dangerous zero-day Flash attack revealed yesterday by Adobe patched along with other flaws in the application is the dreaded and relatively rare universal cross-site scripting (XSS) threat. The vulnerability was spotted being exploited in the wild in targeted, email-based attacks.
Universal XSS attacks spread via browsers or plug-ins, so they can affect any website, regardless of whether it harbors inherent XSS flaws. Adobe’s patch for the flaw was issued late yesterday, one day after it had issued updates for Acrobat and Reader in its regularly scheduled patch release. Continue reading Zero-Day Used In Targeted Email Attacks on Adobe Flash