Adobe this week released Flash Player version 18.104.22.168 to "address critical vulnerabilities that could potentially allow an attacker to take control of the affected system," including Mac, Windows, Linux, and Chrome OS.
Mac users with Flash Player version 22.214.171.124 or earlier installed should immediately update to the latest version using the built-in update mechanism. The update is also available from the Adobe Flash Player Download Center.
Flash Player users who had enabled the option to "allow Adobe to install updates" will receive the update automatically. Likewise, Google Chrome will automatically update Flash Player to version 126.96.36.199. Select "About Google Chrome" under the Tools menu to verify the browser is up-to-date.
Adobe said the critical security update resolves integer overflow, memory corruption, type confusion, heap buffer overflow, and use-after-free vulnerabilities that could lead to code execution. The vulnerabilities were reported by security teams from Google, Microsoft, Palo Alto Networks, and Trend Micro.
Safari on macOS Sierra deactivates Flash by default, only turning on the plug-in when user requested. Chrome, Firefox, and most other modern web browsers also have web plug-in safeguards in place due to repeated security risks. Adobe has released fifteen Flash Player security updates over the past year.
In 2010, Apple co-founder Steve Jobs shared his "Thoughts on Flash," in which he favored open web standards such as HTML5 over Adobe Flash. Jobs said Flash Player was "the number one reason Macs crash," while criticizing its performance on mobile devices. "Flash was created during the PC era – for PCs and mice," he opined.