Not wanting, apparently, to be left out of the Patch Tuesday fun, Adobe has released a new Security Bulletin [APSB13-09] for its Flash Player for all platforms. The updates address four identified security flaws that, if exploited, might lead to a system crash or remote code execution. (One of these relates to handling of an integer overflow exception; the other three are good old-fashioned memory management errors.) According to Adobe, the following versions of the software are affected:
- Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh
- Adobe Flash Player 220.127.116.113 and earlier versions for Linux
- Adobe Flash Player 18.104.22.168 and earlier versions for Android 4.x
- Adobe Flash Player 22.214.171.124 and earlier versions for Android 3.x and 2.x
- Adobe AIR 126.96.36.1997 and earlier versions for Windows, Macintosh and Android
- Adobe AIR 188.8.131.527 SDK and earlier versions
- Adobe AIR 184.108.40.2069 SDK & Compiler and earlier versions
The new version number for Mac OS X and Windows is 11.6.602.180; for Linux it is 220.127.116.115. Please see the Security Bulletin for information and update information for Android and AIR.
Windows users who have the silent update option enabled should receive the new version automatically. Windows or Mac OS X users can get the update using the update mechanism built into the software. Alternatively, the new version for Windows, Linux, and Mac OS X is available from Adobe’s download page. Windows users should remember that they may need two updates: one for Internet Explorer, and one for any other browser(s) you may use.
Flash Player has, historically, been an attractive attack target, because it is so widely installed across different platforms. I recommend updating your systems as soon as you conveniently can.