Adobe today released new versions of its Flash Player for Windows, Mac OS X, and Linux systems. According to Adobe’s Security Bulletin [APSB12-18],
These updates address a vulnerability (CVE-2012-1535) that could cause the application to crash and potentially allow an attacker to take control of the affected system.
The new versions are 11.3.300.271, for Windows and Mac systems, and 220.127.116.11 for Linux systems. (As I noted back in April, Adobe is no longer providing new Linux versions of Flash Player, but it is still releasing security updates.) Adobe says that the affected versions of the software are Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh and Linux operating systems. Flash Player for Android is not affected by this vulnerability.
It appears that there are limited exploits of this vulnerability “in the wild”. At present, these seem to be targeted at the Active X version of Flash Player for Windows Internet Explorer. However, other versions are also vulnerable, and Flash Player has always been an attractive target for the Bad Guys, because it is so widely installed across platforms.
Windows users who have the silent update option enabled should receive the new version automatically. Windows or Mac OS X users can get the update using the update mechanism built into the software. Alternatively, the new version for Windows, Linux, and Mac OS X is available from Adobe’s download page. Windows users should remember that they may need two updates: one for Internet Explorer, and one for any other browser that they have installed.
I recommend that you update your systems as soon as you conveniently can.