Critical Flash Update Fixes Zero-day Flaw – Krebs on Security

Adobe Systems Inc. today issued a security update to its Flash Player software. The company stressed that the update fixes a critical vulnerability that malicious actors have been using in targeted attacks.

Adobe classifies a security flaw as critical if it can be used to break into vulnerable machines without any help from users. The company said the vulnerability (CVE-2012-0779) fixed in the version released today has been exploited in targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message, and that the exploit used in the attacks seen so far target Flash Player on Internet Explorer for Windows only.

Nevertheless, there are updates available for Flash Player versions designed for all operating systems that Adobe supports, including Mac, Linux and Android devices.

Adobe is urging users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.235. Windows users of Flash Player 11.2.x who have selected the silent update option will receive the update automatically. Flash Player installed with Google Chrome is updated automatically, so no user action should be required for Chrome users. Users of Adobe Flash Player 11.1.115.7 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.8. Users of Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.9.

To find out if you have Flash installed, or which version is on your system, visit this link. If you have trouble updating your Flash version, consider uninstalling the program using Adobe’s Flash removal tool, rebooting, and then reinstalling the latest version. Updates are available via the Adobe Flash Player Download Center. Direct links to the OS-specific downloads are here.