Adobe Flash Player update closes critical object confusion hole
Adobe has released a security advisory relating to an object confusion vulnerability which allows an attacker to crash the player or take control of an affected system. Adobe says that there are reports of this vulnerability being exploited in the wild as part of targeted email-based attacks which trick the user into clicking on a malicious file; this exploit only targets Flash Player on Internet Explorer on Windows, though the vulnerability exists on Windows, Mac OS X, Linux and Android versions of the player.
An update to Adobe Flash Player 18.104.22.168 on Windows, Mac OS X and Linux should be applied by anyone running version 22.214.171.124 or earlier. The version of Flash player being run can be verified by visiting the Flash Player About page and can be obtained from Adobe's Flash Player Download page. Windows users should be able to also activate the silent update recently introduced to Flash Player.
Google Chrome's Flash Player has already been updated automatically. Android users should, depending on their version of Android, update their players; Android 4.0 users running 126.96.36.199 and earlier should update to 188.8.131.52 and Android 3.0 users running 184.108.40.206 and earlier should update to 220.127.116.11. In either case, users should browse to Google Play and its Flash Player page for the update.