Adobe Systems has released a brand new Adobe Flash security update to patch a zero-day flaw in its Flash Player software, updating to version 18.104.22.168 for Mac and Windows. This is the second Flash Player update Adobe has issued this month.
"Adobe is aware of reports that an exploit for CVE-2014-0515 exists in the wild, and is being used to target Flash Player users on the Windows platform," Adobe described in its security bulletin.
Affected software versions include: Adobe Flash Player 22.214.171.124 and earlier versions for Windows, Adobe Flash Player 126.96.36.199 and earlier versions for Macintosh, and Adobe Flash Player 188.8.131.520 and earlier versions for Linux.
So far, the attacks that have been seen have targeted Windows users. But Mac users shouldn't think they are invulnerable. They need to patch as well if they are running a vulnerable version of Flash.
This is good reminder that Mac and Windows users can become potential victims of flaws in third-party vendors' software (such as Microsoft Office, Java, or in this particular case Adobe Flash Player). Mac users should not just be on the lookout for patches from Apple.
From Adobe's security bulletin (APSB14-13), the following describes the vulnerability patched in these updates:
These updates resolve a buffer overflow vulnerability that could result in arbitrary code execution (CVE-2014-0515).
Users of Adobe Flash Player 184.108.40.206 and earlier versions for Windows and users of Adobe Flash Player 220.127.116.11 and earlier versions for Mac should update to Adobe Flash Player 18.104.22.168 immediately.
Users of Adobe Flash Player 22.214.171.1240 and earlier versions for Linux should update to Adobe Flash Player 126.96.36.1996. Adobe Flash Player 188.8.131.52 installed with Google Chrome will automatically be updated to the latest Google Chrome versions, which will include Adobe Flash Player 184.108.40.206 for Windows, Macintosh and Linux.
For users of Flash Player 11.7.700.275 and earlier versions for Windows and Macintosh, who cannot update to Flash Player 220.127.116.11, Adobe has made available the update Flash Player 11.7.700.279, which can be downloaded here.