Adobe has issued new versions of its Flash Player software, for all platforms, to address three Critical security vulnerabilities. According to Adobe’s Security Bulletin [APSB12-27], vulnerable versions of the software are:
- Adobe Flash Player 11.5.502.110 and earlier versions for Windows and Macintosh
- Adobe Flash Player 220.127.116.11 and earlier versions for Linux
- Adobe Flash Player 18.104.22.168 and earlier versions for Android 4.x
- Adobe Flash Player 22.214.171.124 and earlier versions for Android 3.x and 2.x
- Adobe AIR 126.96.36.1990 and earlier versions for Windows and Macintosh, Android and SDK (includes AIR for iOS
A successful attack employing these vulnerabilities could crash the affected system, and possibly allow the attacker to gain control of it.
The updated version numbers for PC platforms are:
- Windows: 11.5.502.135
- Mac OS X: 11.5.502.136
- Linux: 188.8.131.52
For Android and AIR version numbers, please see the Security Bulletin.
Users of the Flash Player bundled with Google’s Chrome browser or Microsoft’s Internet Explorer 10 should get a browser update that includes the new version via the built-in update mechanism. Windows, Linux, and Mac OS X users can get the new version from the Flash Player download page. (Windows users should note that they may need two updates: one for Internet Explorer, and one for any other browser that they may have installed.) For other versions, please check the Security Bulletin.
You can check the version of Flash Player that you are using by visiting this Adobe page.
Because it is widely installed across multiple platforms, Flash Player has always been an attractive target for the Bad Guys. I recommend that oyu update your systems as soon as you conveniently can.