Adobe has released security updates for its Flash Player software that address a number of critical security vulnerabilities. According to the Security Bulletin [APSB12-22], the affected versions of the software are:
- Adobe Flash Player 11.4.402.278 and earlier versions for Windows
- Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh
- Adobe Flash Player 220.127.116.11 and earlier versions for Linux
- Adobe Flash Player 18.104.22.168 and earlier versions for Android 4.x
- Adobe Flash Player 22.214.171.124 and earlier versions for Android 3.x and 2.x
(The Adobe AIR software is also affected; please see the Security Bulletin for details.) Adobe has identified 25 vulnerabilities fixed in this release. Of these, 14 involve buffer overflows, and 11 involve memory corruption bugs.
The updated software has the following new version numbers:
- Windows and Mac OS X: 11.4.402.287
- Linux: 126.96.36.199
- Android 4.x: 188.8.131.52
- Android 2.x, 3.x: 184.108.40.206
Google will presumably release a new version of the Chrome browser to update the bundled Flash Player. For new AIR version numbers, please see the Security Bulletin.
Because Flash Player is so widely installed across different platforms, it is a tempting target; I recommend that you update your systems as soon as you conveniently can. Windows and Mac users can get the new version using the update mechanism built into the product; alternatively, you can get the new version from the Flash Player download center. Windows users should remember that they may need two updates: one for the Internet Explorer plugin, and one for any other browsers they may have.