Adobe issued a security bulletin for Flash Player on Windows, Macintosh, Linux, Solaris and Android. Described as a priority 2 update, Adobe said the flaw has existed for awhile, but there are no known exploits and it expects the situation to stay that way in the immediate future.
The critical flaws are a memory corruption vulnerability in Matrix3D that “could lead to code execution”, reported by Google Security Team’s Tavis Ormandy, and integer errors that “could lead to information disclosure”, reported by fellow team member Fermin J Serna. This is the second update in less than a month for Flash Player, with seven critical flaws fixed in an update February 16.
The affected versions of Flash Player are the Windows, Mac, Linux and Solaris versions 126.96.36.199 and earlier, Android 4.x 188.8.131.52 and earlier, and Android 3.x and 2.x versions 184.108.40.206 and earlier. Fixes are available for Windows, Mac, Linux and Solaris by downloading Flash Player 220.127.116.11 or later from Adobe.
For Android 2.x, 3.x and 4.x, users can update by going to the Android Market Place on the device and downloading version 18.104.22.168 for Android 4.x and 22.214.171.124 for Android 3.x and 2.x.
Earlier this week, Google updated its Chrome browser and it also updated the bundled Flash Player to 126.96.36.199, which concurs with the Adobe update.