That vulnerability, identified as CVE-2011-2444, shares some traits with an earlier Flash flaw that was used to .

Adobe labeled CVE-2011-2444 as a cross-site scripting (XSS) vulnerability, a class of bugs often used by identity thieves to steal usernames and passwords from vulnerable browsers. In this case, browsers were not directly targeted; rather, attackers exploited the ubiquitous Flash Player browser plug-in.

Like the June Flash bug, CVE-2011-2444 was reported to Adobe by Google's security team.

Adobe also used almost identical phrasing to describe both CVE-2011-2444 and the June vulnerability in its security advisories.

"There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message," said Adobe in as well as the one it published in June. "This universal cross-site scripting issue could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website."