Adobe has issued a new Security Bulletin [APSB13-28] for its Flash Player. The fixes address two critical security vulnerabilities. According to Adobe, the affected software versions are:
- Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh
- Adobe Flash Player 184.108.40.2067 and earlier versions for Linux
- Adobe AIR 220.127.116.110 and earlier versions for Windows and Macintosh
- Adobe AIR 18.104.22.1680 and earlier versions for Android
- Adobe AIR 22.214.171.1240 SDK and earlier versions
- Adobe AIR 126.96.36.1990 SDK & Compiler and earlier versions
Note that Adobe’s AIR software is also affected. You can check the version of Flash Player that you have, at any time, by visiting the Adobe “About Flash” page.
The new version of Flash Player for Windows and Mac OS X is 11.9.900.170; for Linux, the new version is 188.8.131.522. Please see the Security Bulletin for information on Android versions.
Flash Player has always been a popular target for attackers, because it is so widely installed across different platforms. There is some evidence that the vulnerabilities addressed by these fixes are being exploited; therefore I recommend that you update your system as soon as you conveniently can.
Users of Google’s Chrome browser, and of Internet Explorer 10 or 11 on Windows 8/8.1, should get the updated version automatically via the built-in update mechanism. Other users can obtain the new version from the Flash Player Download page.