Adobe this week released a critical Flash Player update for Mac, Windows, Linux, and Chrome OS computers. Flash Player version 220.127.116.11 addresses (say it with me) “critical vulnerabilities that could potentially allow an attacker to take control of the affected system,”
Mac users that have Flash Player version 18.104.22.168 or earlier installed should immediately update to the latest version of the Player plug-in either via the built-in mechanism or from the Adobe Flash Player Download Center. Users who have enabled the Player to “allow Adobe to install updates” will receive the update automatically.
Google Chrome will automatically update its built-in Flash Player to the latest version. Click on “About Google Chrome” in the Tools menu of the Chrome browser to verify the browser has updated to version 22.214.171.124. (Or, enter “chrome://plugins/” in the address field.) Safari on macOS deactivates Flash by default, only enabling the plug-in when requested to by the user.
MacRumors notes that Adobe says the critical security update resolves integer overflow, memory corruption, type confusion, heap buffer overflow, and use-after-free vulnerabilities that could lead to code execution. The vulnerabilities were reported by security teams from Google, Microsoft, Palo Alto Networks, and Trend Micro.
This update marks the fifteenth time Adobe has released a security update for the hole- and bug-ridden plug-in during the past year.