Adobe today released security updates for Flash Player, AIR, Shockwave Player, Acrobat and Reader. The updates for Flash Player and Shockwave Player on Windows and Mac address a vulnerability which Adobe classifies as Priority 1, which indicates that it is being exploited in the wild at a high risk of exploit.
The updated versions of Flash Player on Windows and Mac are 11.8.800.168 and 11.7.700.242. Earlier 11.7 and 11.8 versions are vulnerable. Updates are also available for Flash Player on Linux and Android, as well as Adobe AIR and the Adobe AIR SDK. These are not as severe and updating is not as high a priority.
The updates for Reader and Acrobat are classified as less urgent. They are important vulnerabilities, but not being exploited.
The affected versions of Flash and AIR are:
- Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh
- Adobe Flash Player 220.127.116.117 and earlier versions for Linux
- Adobe Flash Player 18.104.22.168 and earlier versions for Android 4.x
- Adobe Flash Player 22.214.171.124 and earlier versions for Android 3.x and 2.x
- Adobe AIR 126.96.36.1990 and earlier versions for Windows and Android
- Adobe AIR 188.8.131.520 and earlier versions for Macintosh
- Adobe AIR 184.108.40.2060 SDK & Compiler and earlier versions for Windows
- Adobe AIR 220.127.116.110 SDK & Compiler and earlier versions for Macintosh
The affected versions of Adobe Reader and Acrobat are:
- Adobe Reader and Acrobat X (10.1.7) and earlier versions for Windows and Macintosh
- Adobe Reader and Acrobat XI (11.0.03) and earlier versions for Windows and Macintosh
Users can update to the latest version of Adobe Flash Player at http://get.adobe.com/flashplayer. Users can update Adobe Reader and Acrobat from the Help menu ("Check for Updates...")
(Correction: An earlier version of this story stated that the Flash and Shockwave updates were being exploited in the wild. They are not; they are at a high risk of exploit.)