“Adobe is aware of reports that an exploit for CVE-2014-0515 exists in the wild, and is being used to target Flash Player users on the Windows platform,” Adobe described in its security bulletin.
Affected software versions include: Adobe Flash Player 13.0.0.182 and earlier versions for Windows, Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh, and Adobe Flash Player 11.2.202.350 and earlier versions for Linux.
So far, the attacks that have been seen have targeted Windows users. But Mac users shouldn’t think they are invulnerable. They need to patch as well if they are running a vulnerable version of Flash.
MORE: How to Tell if Adobe Flash Player Update is Valid
This is good reminder that Mac and Windows users can become potential victims of flaws in third-party vendors’ software (such as Microsoft Office, Java, or in this particular case Adobe Flash Player). Mac users should not just be on the lookout for patches from Apple.
From Adobe’s security bulletin (APSB14-13), the following describes the vulnerability patched in these updates:
These updates resolve a buffer overflow vulnerability that could result in arbitrary code execution (CVE-2014-0515).
Users of Adobe Flash Player 13.0.0.182 and earlier versions for Windows and users of Adobe Flash Player 13.0.0.201 and earlier versions for Mac should update to Adobe Flash Player 13.0.0.206 immediately.
Users of Adobe Flash Player 11.2.202.350 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.356. Adobe Flash Player 13.0.0.182 installed with Google Chrome will automatically be updated to the latest Google Chrome versions, which will include Adobe Flash Player 13.0.0.206 for Windows, Macintosh and Linux.
For users of Flash Player 11.7.700.275 and earlier versions for Windows and Macintosh, who cannot update to Flash Player 13.0.0.206, Adobe has made available the update Flash Player 11.7.700.279, which can be downloaded here.
