Adobe issued an emergency update to its Flash Player to fix two zero-day threats, the company announced yesterday. The updates affect all versions of Flash on Windows, Mac, Linux, and Android.
The vulnerabilities currently are being exploited "in the wild," says Adobe's blog on the patches. According to the Kaspersky ThreatPost blog on the pair of zero-days, one attack targets "aerospace and other manufacturing companies" by tricking people into opening a Microsoft Word document with malicious Flash content embedded in it. The second zero-day targets Firefox and Safari on Mac OS X by tricking you into visiting Web sites hosting malicious Flash content, and it aims at Windows users by way of a Microsoft Word attachment delivered via e-mail.
Adobe listed on its blog the affected versions of Flash, and it recommended actions to take. Apple iOS is not affected, since it has never been compatible with Flash.
Adobe recommends users update their product installations to the latest versions:
Users of Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.149. Users of Adobe Flash Player 188.8.131.521 and earlier versions for Linux should update to Adobe Flash Player 184.108.40.2062. Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 220.127.116.11 for Windows, Macintosh and Linux.
Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest version of Internet Explorer 10, which will include Adobe Flash Player 11.3.379.14 for Windows. Users of Adobe Flash Player 18.104.22.168 and earlier versions on Android 4.x devices should update to Adobe Flash Player 22.214.171.124. Users of Adobe Flash Player 126.96.36.199 and earlier versions for Android 3.x and earlier versions should update to Flash Player 188.8.131.52.
You can go to the Adobe Flash Player Download Center to update your version of Flash.