Adobe has issued a new Security Bulletin [APSB13-28] for its Flash Player. The fixes address two critical security vulnerabilities. According to Adobe, the affected software versions are:
- Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh
- Adobe Flash Player 18.104.22.1687 and earlier versions for Linux
- Adobe AIR 22.214.171.1240 and earlier versions for Windows and Macintosh
- Adobe AIR 126.96.36.1990 and earlier versions for Android
- Adobe AIR 188.8.131.520 SDK and earlier versions
- Adobe AIR 184.108.40.2060 SDK & Compiler and earlier versions
Note that Adobe’s AIR software is also affected. You can check the version of Flash Player that you have, at any time, by visiting the Adobe “About Flash” page.
The new version of Flash Player for Windows and Mac OS X is 11.9.900.170; for Linux, the new version is 220.127.116.112. Please see the Security Bulletin for information on Android versions.
Flash Player has always been a popular target for attackers, because it is so widely installed across different platforms. There is some evidence that the vulnerabilities addressed by these fixes are being exploited; therefore I recommend that you update your system as soon as you conveniently can.
Users of Google’s Chrome browser, and of Internet Explorer 10 or 11 on Windows 8/8.1, should get the updated version automatically via the built-in update mechanism. Other users can obtain the new version from the Flash Player Download page.