Adobe has released a new Security Bulletin [APSB13-11] for its Flash Player software for all platforms, and for Adobe AIR. The new patches address four identified security vulnerabilities; Adobe rates the security impact of this bulletin as Critical; these vulnerabilities might allow an attacker to take control of a vulnerable system. According to Adobe, the affected versions of the software are:
- Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh
- Adobe Flash Player 184.108.40.2065 and earlier versions for Linux
- Adobe Flash Player 220.127.116.11 and earlier versions for Android 4.x
- Adobe Flash Player 18.104.22.168 and earlier versions for Android 3.x and 2.x
- Adobe AIR 22.214.171.12490 and earlier versions for Windows, Macintosh and Android
- Adobe AIR 126.96.36.19990 SDK & Compiler and earlier versions
The new version of Flash Player for Windows and Mac OS X is 11.7.700.169; for Linux, it is 188.8.131.520. Please see the Security Bulletin for information and update information for Android and AIR. Google will presumably release a new version of its Chrome browser to include an updated Flash Player.
Windows users who have the silent update option enabled should receive the new version automatically. Windows or Mac OS X users can get the update using the update mechanism built into the software. Alternatively, the new version for Windows, Linux, and Mac OS X is available from Adobe’s download page. Windows users should remember that they may need two updates: one for Internet Explorer, and one for any other browser(s) you may use.
Flash Player has, historically, been an attractive attack target, because it is so widely installed across different platforms. I recommend updating your systems as soon as you conveniently can.