Typically Adobe updates its ubiquitous Flash Player plugin quarterly in line with Microsoft’s monthly Patch Tuesday updates. This week they have jumped the gun by one week, and so should you.
Adobe have fixed 7 critical remote execution vulnerabilities in Flash Player for not just Windows and Mac, but also Linux and Android.
Users of Flash Player for Windows and Mac should update to 11.5.502.110, Linux to 22.214.171.124, Android 4 to 126.96.36.199 and Android 3 to 188.8.131.52.
To determine which version of Flash you are running you can visit http://www.adobe.com/software/flash/about/.
This may sound easier than it really is for Windows users. There are separate downloads for Firefox/Safari and Internet Explorer 9 and earlier.
The easiest way, regardless of platform (except for Google Chrome users) is to visit http://get.adobe.com/flashplayer. If you use both Internet Explorer 9 or earlier and Firefox/Safari you will need to download it for each browser.
If you don’t want to be annoyed by the “bloatware” addons that Adobe offers to install by default when downloading from get.adobe.com you can get the plain versions at http://www.adobe.com/products/flashplayer/distribution3.html (Thanks Brian Krebs for the tip!).
Google Chrome users were automatically updated by the latest Chrome update and should not need to take any action, other than acknowledging the restart of Chrome for the fix.
Flash Player remains one of the most exploited plugins used in drive by web attacks, so it is sensible to update as soon as possible.
IT administrators can consider this a dry run for next week’s Patch Tuesday. Stay vigilant my friends…Follow @chetwisniewski