Adobe gave the security fixes its highest severity rating, meaning users should immediately update to the latest Flash Player version through the built-in update mechanism, or by visiting the Adobe Flash Player Download Center.
Adobe said the security updates resolve a use-after-free vulnerability that could lead to code execution, as discovered by Google's Threat Analysis Group. Adobe said it was aware of the exploit being used in "limited, targeted attacks" against users running Windows 7 or later only, but Mac users could still be affected and should update out of an abundance of caution.
Affected versions of Flash Player for Mac:
- Adobe Flash Player version 184.108.40.206 and earlier
- Adobe Flash Player for Google Chrome version 220.127.116.11 and earlier
Safari on macOS Sierra deactivates Flash by default, only turning on the plug-in when user requested. Chrome, Firefox, and most other modern web browsers also have web plug-in safeguards in place due to repeated security risks. Adobe has released a dozen Flash Player security updates over the past year.
In 2010, late Apple co-founder Steve Jobs penned an article called "Thoughts on Flash" in which he favored open web standards such as HTML5 over Adobe Flash. Jobs said Flash Player was "the number one reason Macs crash" and criticized its performance on mobile devices. "Flash was created during the PC era – for PCs and mice," he wrote.