Adobe has released a security update for Adobe Flash Player to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, or perform a cross-site scripting attack. Adobe has indicated that one of the vulnerabilities is currently being exploited in targeted attacks via a malicious link delivered in an email message. These vulnerabilities affect Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.3.186.6 and earlier versions for Android.
US-CERT encourages users and administrators to review Adobe Security Bulletin APSB11-26 and apply any necessary updates to help mitigate the risks. Google Chrome users should update to Chrome 14.0.835.186 to address these vulnerabilities.