Adobe has released updates to fix seven vulnerabilities in Flash Player and one vulnerability in Adobe Reader and Acrobat which, the company says, is being exploited in the wild "...in limited, isolated attacks targeting Adobe Reader users on Windows." The OS X versions of Acrobat and Reader are not affected.
Users may update Acrobat and Reader with the Help > Check for Updates menu option. Flash Player users may download the latest version from Adobe at this page. Users of Internet Explorer on Windows 8 and above and of Google Chrome will receive browser updates from those companies with fixed versions of their integrated Flash Player.
The lone vulnerability in Acrobat and Reader for Windows could allow an attacker to circumvent sandbox protection. Users of Adobe Reader 11.x for Windows should update to version 11.0.08. Users of Adobe Reader 10.x for Windows should update to version 10.1.11.
The vulnerability was reported to Adobe by Costin Raiu and Vitaly Kamluk of Kaspersky Labs. In a blog entry, Raiu says that the attacks are very rare, but that it's still important for everyone to patch as soon as possible.
The seven vulnerabilities in Flash affect version 184.108.40.206 and earlier for both Mac and Windows, including the versions integrated into Chrome and IE. The new version will be 220.127.116.11 in most cases. Google Chrome users will get 18.104.22.168 and the NPAPI plugin for Firefox will be version 22.214.171.124.
Flash Player 126.96.36.1994 and earlier versions for Linux are vulnerable and users should update to 188.8.131.520.
As is always the case with Flash updates, Adobe AIR and the AIR SDK are also updated.