Not wanting, apparently, to be left out of the Patch Tuesday fun, Adobe has released a new Security Bulletin [APSB13-09] for its Flash Player for all platforms. The updates address four identified security flaws that, if exploited, might lead to a system crash or remote code execution. (One of these relates to handling of an integer overflow exception; the other three are good old-fashioned memory management errors.) According to Adobe, the following versions of the software are affected:
- Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh
- Adobe Flash Player 22.214.171.1243 and earlier versions for Linux
- Adobe Flash Player 126.96.36.199 and earlier versions for Android 4.x
- Adobe Flash Player 188.8.131.52 and earlier versions for Android 3.x and 2.x
- Adobe AIR 184.108.40.2067 and earlier versions for Windows, Macintosh and Android
- Adobe AIR 220.127.116.117 SDK and earlier versions
- Adobe AIR 18.104.22.1689 SDK & Compiler and earlier versions
The new version number for Mac OS X and Windows is 11.6.602.180; for Linux it is 22.214.171.1245. Please see the Security Bulletin for information and update information for Android and AIR.
Windows users who have the silent update option enabled should receive the new version automatically. Windows or Mac OS X users can get the update using the update mechanism built into the software. Alternatively, the new version for Windows, Linux, and Mac OS X is available from Adobe’s download page. Windows users should remember that they may need two updates: one for Internet Explorer, and one for any other browser(s) you may use.
Flash Player has, historically, been an attractive attack target, because it is so widely installed across different platforms. I recommend updating your systems as soon as you conveniently can.