Adobe has released a critical update for Flash Player versions 18.104.22.168 and earlier for Windows, OS X, Linux and Solaris and versions 22.214.171.124/126.96.36.199 and earlier for Android.
The patch addresses two CVEs in Flash Player, CVE-2012-0768 and CVE-2012-0769, both reported to Adobe by Google researchers.
Chrome users should restart their browser as soon as possible as Google has automatically provided the fix in the latest Chrome update.
Non-Chrome browser users can get the latest version (188.8.131.52) by surfing to http://get.adobe.com/flash and running the installer for your platform.
Android users should visit the Android Marketplace and search for Adobe Flash Player. iOS users don’t need to worry as Apple devices don’t work with Flash 🙂
CVE-2012-0768 is a memory corruption vulnerability that could lead to remote code execution by exploiting a flaw in Matrix3D.
CVE-2012-0769 is an information disclosure vulnerability as a result of integer errors in Flash Player.
As always we recommend deploying these updates as soon as possible. While we do not have any evidence of these flaws being exploited in the wild, past patterns indicate it won’t be long.