Adobe this week released a critical Flash Player update for Mac, Windows, Linux, and Chrome OS computers. Flash Player version 22.214.171.124 addresses (say it with me) “critical vulnerabilities that could potentially allow an attacker to take control of the affected system,”
Mac users that have Flash Player version 126.96.36.199 or earlier installed should immediately update to the latest version of the Player plug-in either via the built-in mechanism or from the Adobe Flash Player Download Center. Users who have enabled the Player to “allow Adobe to install updates” will receive the update automatically.
Google Chrome will automatically update its built-in Flash Player to the latest version. Click on “About Google Chrome” in the Tools menu of the Chrome browser to verify the browser has updated to version 188.8.131.52. (Or, enter “chrome://plugins/” in the address field.) Safari on macOS deactivates Flash by default, only enabling the plug-in when requested to by the user.
MacRumors notes that Adobe says the critical security update resolves integer overflow, memory corruption, type confusion, heap buffer overflow, and use-after-free vulnerabilities that could lead to code execution. The vulnerabilities were reported by security teams from Google, Microsoft, Palo Alto Networks, and Trend Micro.
This update marks the fifteenth time Adobe has released a security update for the hole- and bug-ridden plug-in during the past year.