http://www.computerworld.com/s/article/ ... mail_users
Adobe today confirmed that the Flash Player bug it patched Sunday is being used to steal login credentials of Google's Gmail users.
The vulnerability was patched yesterday in an "out-of-band," or emergency update. The fix was the second in less than four weeks for Flash, and the fifth this year. A weekend patch is very unusual for Adobe.
"We have reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message," said Adobe spokeswoman Wiebke Lips in response to questions today. "The reports we received indicate that the current attacks are targeting Gmail specifically. However, we cannot assume that other Web mail providers may not be targeted as well."
According to Adobe's advisory, the Flash vulnerability is a cross-site scripting bug.
Cross-site scripting flaws are often used by identity thieves to hijack usernames and passwords from vulnerable browsers. In this case, browsers themselves are not targeted; rather, attackers are exploiting the Flash Player browser plug-in, which virtually every user has installed.
For us that fails to do such things I hope some who are good at it give some easy to get instruction how to install it on frugal install.
It could be as easy as one just replace one file with another.
But things are easy if one knows and almost impossible for those who don't know.