Adobe has issued 3 critical system updates for its popular Flash program, one of which fixes a problem in the way Flash interacts with browsers that could result in users’ keystrokes being transmitted to an attacker.
Adobe Flash Player versions 184.108.40.206, 220.127.116.11 and 18.104.22.168, and all previous versions running on all operating systems, are affected. According to Secunia, “An input validation error can be exploited to execute arbitrary code when a user e.g. visits a malicious website.” This problem affects version 22.214.171.124 and earlier.
In Flash Player version 126.96.36.199 and earlier running on Solaris or Linux, attackers could exploit the interaction between the player and certain browsers. This could potentially lead to keystrokes being leaked from the player. Version 9 is not affected.
Flash Player version 188.8.131.52 and earlier contains a bug due to insufficient HTTP referrer validation, which can be used to execute a cross-site forgery attack. Flash Version 9 is not affected.
Adobe recommends that people upgrade to Version 184.108.40.206 for Windows and Macs and 220.127.116.11 for Linux and Solaris. For the other two, Adobe has recommended that people upgrade to Flash Player 9.