In light of a reported, zero-day vulnerability in the Flash player component for all versions of Internet Explorer over the weekend, it's not surprising to see that a critical Flash Player update has been released by Adobe today. However, the update is not what you think. It does not address the zero-day weekender, but seeks to plug a different hole in Adobe software.
The new update will be installed automatically for those using IE10, IE11, and Google Chrome, but those using earlier versions of Internet Explorer should grab this update to patch immediately. Also, Adobe's reported flaw also affects Windows, Mac, and Linux systems running versions of Flash Player as follows…
- Users of Adobe Flash Player 188.8.131.52 and earlier versions for Windows should update to Adobe Flash Player 184.108.40.206.
- Users of Adobe Flash Player 220.127.116.11 and earlier versions for Macintosh should update to Adobe Flash Player 18.104.22.168.
- Users of Adobe Flash Player 22.214.171.1240 and earlier versions for Linux should update to Adobe Flash Player 126.96.36.1996.
Keep in mind, this does NOT address the IE flaw reported over the weekend. This Adobe security problem stands on its own.
More information can be found in Adobe Security Bulletin APSB14-13: Security updates available for Adobe Flash Player
Microsoft has mirrored the release of Adobe's security bulletin with a security announcement of it's own: Microsoft Security Advisory 2755801