Adobe Systems fixed nine vulnerabilities in Flash Player that allow attackers to record users’ keystrokes or take complete control of their computers.
These are Flash Player updates you’ll want to install, unlike the malicious one served from the North Korean news agency site.
The updates, Flash Player 18.104.22.1687 for Windows and Mac and Flash Player 22.214.171.1249 for Linux, address seven remote code execution vulnerabilities, an information disclosure flaw that can be exploited to capture keystrokes and a lower-risk file validation issue.
The company also included the fixes in its Flash Player Extended Support Release (ESR), an older Flash Player version used by organizations that prefer stability over new functionality. The updated ESR version is 126.96.36.1990.
Users of Google Chrome and Internet Explorer on Windows 8 or 8.1 will automatically receive the Flash Player updates through the update mechanisms of those browsers.
Adobe AIR, a framework for developing and running rich Internet applications, has also been updated because it bundles Flash Player. The AIR desktop runtime was updated to version 188.8.131.52, the AIR SDK (Software Development Kit) and Compiler were updated to version 184.108.40.2062 and Adobe AIR for Android was updated to version 220.127.116.112.
Outdated Flash Player browser plug-ins are a common target in drive-by download attacks that install malware through silent exploits hosted on compromised websites. Users should always make sure they’re running the latest versions of Flash Player, Java, Silverlight, Adobe Reader and other programs that install browser plug-ins.