Adobe has issued a critical security update for its ubiquitous Flash
Player software. The patch plugs at least seven security holes,
including one reported by Google that is already being used to trick
users into clicking on malicious links delivered via email.

In an advisory released Wednesday afternoon, Adobe warned that one of
the flaws — a cross-site scripting vulnerability (CVE-2012-0767)
reported by Google – was being used in the wild in active, targeted
attacks designed to trick users into clicking on a malicious link
delivered in an email message. The company said the flaw could be used
to take actions on a user’s behalf on any website or webmail provider,
if the user visits a malicious website. A spokesperson for the company
said this particular attack only works against Internet Explorer on Windows.

http://krebsonsecurity.com/2012/02/f...zero-day-flaw/

--
Dave - "It is much better to be hated for what you are, than to be loved
for what you definitely are not." "Do unto others as you would have them
do unto you."