Adobe on Tuesday released a security bulletin addressing three vulnerabilities in its Flash product. If you use Flash on Windows, Mac, or Linux, you should download the new version and update as soon as possible.
Two of the vulnerabilities are being exploited in the wild as part of targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash content. In this case, the exploit is designed to target Flash Player in Mozilla’s Firefox.
The security patch is available for multiple versions; here’s the full list of upgrades Adobe is recommending:
- Users of Adobe Flash Player 11.6.602.168 and earlier versions for Windows and Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh should update to the newest version 11.6.602.171 by downloading it from the Adobe Flash Player Download Center. Users of Flash Player 11.2.x or later for Windows and users of Flash Player 11.3.x or later for Macintosh will receive the update automatically if they have selected the option to “Allow Adobe to install updates” or will be prompted to download it.
- Users of Flash Player 10.3.183.63 and earlier versions for Windows and Flash Player 10.3.183.61 and earlier versions for Macintosh who cannot update to Flash Player 11.6.602.171, can download the Flash Player 10.3.183.67 update from here.
- Users of Adobe Flash Player 11.2.202.270 and earlier versions for Linux can update to Adobe Flash Player 11.2.202.273 by downloading it from the Adobe Flash Player Download Center.
- Users of Flash Player 10.3.183.61 and earlier versions for Linux who cannot update to Flash Player 11.2.202.273 can grab the Flash Player 10.3.183.67 update from here.
- Adobe Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.6.602.171 for Windows, Macintosh, and Linux.
- Adobe Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest version of Internet Explorer 10, which will include Adobe Flash Player 11.6.602.171 for Windows. Microsoft has also revised its corresponding Security Advisory.
In short, make sure Adobe Flash gets updated regardless of what browser or platform you’re on.
Today’s emergency patch is the third update to Flash this month. Details about the vulnerabilities are here: CVE-2013-0504, CVE-2013-0648, and CVE-2013-0643.
See also: Mozilla to enable Click to Play for all Firefox plugins by default, except the latest Flash version
Image credit: Vangelis Thomaidis
Get the TNW newsletter
Get the most important tech news in your inbox each week.