Adobe has issued a new version of its Flash Player, for all platforms (Windows, Mac OS X, Linux, Solaris, and Android) to incorporate fixes for two serious security vulnerabilities. (For platforms other than Android, the new version number is 184.108.40.206.) According to Adobe’s Security Bulletin [APSB12-05], the affected versions of the player are:
- Adobe Flash Player 220.127.116.11 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 18.104.22.168 and earlier versions for Android 4.x
- Adobe Flash Player 22.214.171.124 and earlier versions for Android 3.x and 2.x
Adobe rates this as a Priority 2 update, meaning:
This update resolves vulnerabilities in a product that has historically been at elevated risk. There are currently no known exploits. Based on previous experience, we do not anticipate exploits are imminent.
As Adobe says, Flash Player has been at “elevated risk”; it is very commonly installed, across multiple platforms, and is therefore an attractive target for the Bad Guys.