Adobe has released an update for Flash Player to mitigate multiple vulnerabilities that could allow an attacker to remotely take control of an affected system or cause a denial-of-service.
Adobe classified these vulnerabilities as critical. The affected software versions include the following:
- Adobe Flash Player 220.127.116.11 and earlier versions for Windows, Macintosh, Linux, and Solaris operating systems
- Adobe Flash Player 18.104.22.168 and earlier versions for Android 3.x and 2.x
- Adobe AIR 22.214.171.12480 and earlier versions for Windows, Macintosh, and Android
Adobe noted that Flash Player 126.96.36.199 and earlier versions for Android 4.x are not at risk from these vulnerabilities. The company recommends the following mitigation:
- Adobe recommends users of Adobe Flash Player 188.8.131.52 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 184.108.40.206 by downloading it from the Adobe Flash Player Download Center. Users of Adobe Flash Player 220.127.116.11 and earlier versions for Solaris should update to Adobe Flash Player 18.104.22.168 by downloading it from the Adobe Flash Player Download Center. Windows users and users of Adobe Flash Player 10.3.183.16 or later for Macintosh can install the update via the update mechanism within the product when prompted.
- For users who cannot update to Flash Player 22.214.171.124, Adobe has developed a patched version of Flash Player 10.3, Flash Player 10.3.183.18, which can be downloaded here.
- Users of Adobe Flash Player 126.96.36.199 and earlier versions for Android 3.x and earlier versions should update to Flash Player 188.8.131.52 by browsing to the Android Marketplace on an Android device.
- Adobe recommends users of Adobe AIR 184.108.40.20680 and earlier versions for Windows, Macintosh and Android update to Adobe AIR 220.127.116.110.
More information on the vulnerabilities and recommended mitigation can be found here:
Adobe has also announced that Flash Player 11.2 for Windows is now equipped with an automatic update feature to help users maintain the most current version of the software.
"If you read this September 2011 CSIS report, then you saw that 99.8 percent of malware installs through exploit kits are targeting out-of-date software installations. This point was reiterated recently in volume 11 of the Microsoft Security Intelligence Report. Also, attackers have been taking advantage of users trying to manually search for Flash Player updates by buying ads on search engines pretending to be legitimate Flash Player download sites. Improving the update process is probably the single most important challenge we can tackle for our customers at this time," the Adobe blog noted.
More information on the new updater feature can be found here: