Adobe has issued a new version of its Flash Player, for all platforms (Windows, Mac OS X, Linux, Solaris, and Android) to incorporate fixes for two critical security vulnerabilities. For Windows, Mac OS X, and Linux, the new version number is 184.108.40.206; for Solaris, the new version is 220.127.116.11, and for Android, 18.104.22.168. According to Adobe’s Security Bulletin [APSB12-07], the affected versions of the player are:
- Adobe Flash Player 22.214.171.124 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 126.96.36.199 and earlier versions for Android 3.x and 2.x
Adobe rates this as a Priority 2 update, meaning:
This update resolves vulnerabilities in a product that has historically been at elevated risk. There are currently no known exploits. Based on previous experience, we do not anticipate exploits are imminent.
As Adobe says, Flash Player has been at “elevated risk”; it is very commonly installed, across multiple platforms, and is therefore an attractive target for the Bad Guys.
You can get the new version using the built-in update mechanism, or by downloading the installation package here. Android users should see the update instructions in the Security Bulletin.
Although a new version of Google’s Chrome, incorporating the new Flash Player, has not been announced yet, I ‘d expect one within the next 24 hours or so. I will post a note here when I get any definite information.
Update Wednesday, 28 March, 17:25 EDT
Google has now released a new version of Chrome incorporating this update.
The new version also includes, for Windows, a new automatic updating function, which will allow updates to be downloaded and installed without user intervention. More details are available in this post on the Adobe Secure Software Engineering Team [ASSET] blog.
Update Thursday, 29 March, 11:35 EDT
Ars Technica has a brief article explaining the new auto-update capability.