Adobe has released critical updates for Flash Player on Windows, Mac and Linux. Versions 184.108.40.206 and earlier for Windows and Macintosh and versions 220.127.116.116 and earlier versions for Linux are vulnerable to up to three vulnerabilities.
One of these, CVE-2014-0502, is being exploited in the wild. Click here for more detail on how the attack was found by security firm Fireeye and how it behaves.
The new version of Adobe Flash Player on Windows and Mac is 18.104.22.168. The new version for Linux is 22.214.171.1241. A Google Chrome update to version 33.0.1750.117 today includes the fixed Flash plugin bundled with that product. Microsoft has released an update for Windows 8.0 and 8.1 for the bundled Flash Player plugin in Internet Explorer 10 and 11.
Users may obtain the newest version of Adobe Flash Player from Adobe at get.adobe.com/flashplayer. Do not trust Flash Player installations or patches from any other source.
In addition to the zero-day flaw reported by Fireeye and the Google Security Team, two other vulnerabilities (CVE-2014-0498 and CVE-2014-0499) were reported to Adobe by Wen Guanxing of Venustech.