Thursday, February 16, 2012

PSA: XSS bug in Adobe Flash controlled users' Web accounts

Full story at Ars, but this is the part that got my attention:
Most XSS vulnerabilities are the result of coding errors on a specific website. A universal XSS, by contrast, stems from bugs present in browsers or plugins and can be exploited as they access multiple sites. Besides its zero-day status as a vulnerability—meaning it was fixed only after it was under attack—the Flash bug is noteworthy because it affects software that is installed on a majority of the world's computers. What's more, universal XSS vulnerabilities typically give an attacker the ability to run custom-written JavaScript in a victim's browser that can steal authentication cookies used to log into private accounts and take similar actions, such as send spam or messages to all addresses contained in an address book.



The security bulletin from Adobe (https://www.adobe.com/support/security/bulletins/apsb12-03.html) says: "Adobe categorizes these as critical updates and recommends users update their installations to the newest versions."


So you might want to make sure you're up to date, if you don't do that automatically.

Personally I like to manually check upgrades on a weekly basis, more to make sure I think about security.  It helps me make thinking about security risks a habit.
