Adobe for the second time this month has released Flash Player security updates to address critical vulnerabilities that could potentially allow an attacker to take control of Mac, Windows, Linux, and Chrome OS systems.
Adobe gave the security fixes its highest severity rating, meaning users should immediately update to the latest Flash Player version through the built-in update mechanism, or by visiting the Adobe Flash Player Download Center.
Adobe said the security updates resolve a use-after-free vulnerability that could lead to code execution, as discovered by Google's Threat Analysis Group. Adobe said it was aware of the exploit being used in "limited, targeted attacks" against users running Windows 7 or later only, but Mac users could still be affected and should update out of an abundance of caution.
Affected versions of Flash Player for Mac:
- Adobe Flash Player version 184.108.40.206 and earlier
- Adobe Flash Player for Google Chrome version 220.127.116.11 and earlier
Mac users running Flash Player 11.3.x or later who have selected the option to "allow Adobe to install updates" will receive the update automatically. Likewise, Google Chrome will automatically update Flash Player to version 18.104.22.168. Select "About Google Chrome" under the Tools menu to verify the browser is up-to-date.
Safari on macOS Sierra deactivates Flash by default, only turning on the plug-in when user requested. Chrome, Firefox, and most other modern web browsers also have web plug-in safeguards in place due to repeated security risks. Adobe has released a dozen Flash Player security updates over the past year.
In 2010, late Apple co-founder Steve Jobs penned an article called "Thoughts on Flash" in which he favored open web standards such as HTML5 over Adobe Flash. Jobs said Flash Player was "the number one reason Macs crash" and criticized its performance on mobile devices. "Flash was created during the PC era – for PCs and mice," he wrote.