Computerworld: On Wednesday, Adobe issues a patches for seven critical vulnerabilities for its Flash player, including one zero-day cross-site scripting flaw identified by Google. “This update resolves a universal cross-site scripting vulnerability that could be used to take actions on a user’s behalf on any website or Web mail provider, if the user visits a malicious website,” said Adobe. “There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.”
Adobe is currently working on “sandboxed” versions of Flash. Sandboxing would have prevented hackers from exploiting these current vulnerabilities.