Adobe has released new versions of Flash Player for Windows, Mac and Linux to strengthen protections against a vulnerability originally mitigated without mention last month.
Adobe recommends that all Flash Player users update. Microsoft will be releasing updates to Internet Explorer 10 and 11 and Google to Chrome to fix the Flash Players embedded in them. The new version for Windows and Mac will be 18.104.22.168. The new Adobe Flash Player Extended Support Release version is 22.214.171.1248. The new Flash Player for Linux version is 126.96.36.1994.
To determine the version of Flash Player you are running, go to the About Flash Player page. Users can update by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.
The vulnerability is CVE-2014-8439, reported by Sébastien Duquette of ESET, Timo Hirvonen of F-Secure and Kafeine. Adobe describes the update as a use after free vulnerability.
According to Adobe, prior to the October 14, 2014 APSB14-22 update there were no known exploits of CVE-2014-8439. Currently there are no known exploits that will be successful on systems on which the APSB14-22 updates were applied. This new update appears to address some limitations in that earlier update.
CVE-2014-8439 itself did not appear in the APSB14-22 bulletin until a revision today.