Adobe Systems Inc. today issued a security update to its Flash Player software. The company stressed that the update fixes a critical vulnerability that malicious actors have been using in targeted attacks.
Adobe classifies a security flaw as critical if it can be used to break into vulnerable machines without any help from users. The company said the vulnerability (CVE-2012-0779) fixed in the version released today has been exploited in targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message, and that the exploit used in the attacks seen so far target Flash Player on Internet Explorer for Windows only.
Nevertheless, there are updates available for Flash Player versions designed for all operating systems that Adobe supports, including Mac, Linux and Android devices.
Adobe is urging users of Adobe Flash Player 22.214.171.124 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 126.96.36.199. Windows users of Flash Player 11.2.x who have selected the silent update option will receive the update automatically. Flash Player installed with Google Chrome is updated automatically, so no user action should be required for Chrome users. Users of Adobe Flash Player 188.8.131.52 and earlier versions on Android 4.x devices should update to Adobe Flash Player 184.108.40.206. Users of Adobe Flash Player 220.127.116.11 and earlier versions for Android 3.x and earlier versions should update to Flash Player 18.104.22.168.
To find out if you have Flash installed, or which version is on your system, visit this link. If you have trouble updating your Flash version, consider uninstalling the program using Adobe’s Flash removal tool, rebooting, and then reinstalling the latest version. Updates are available via the Adobe Flash Player Download Center. Direct links to the OS-specific downloads are here.