Adobe has issued 3 critical system updates for it’s popular Flash program, with one designed to stop a problem in a way Flash interacts with browsers, which could result in users’ key strokes transmitted to the attacker.
Adobe Flash Player versions 18.104.22.168, 22.214.171.124 and 126.96.36.199, and all previous versions running in all operating systems, are affected. According to Secuina, “An input validation error can be exploited to execute arbitrary code when a user e.g. visits a malicious website.” This problem effects version 188.8.131.52 and earlier.
Flash Player version 184.108.40.206 and earlier running on Solaris or Linux, malicious attackers could exploit the interaction between the player and certain browsers. This could potentially lead the keystrokes being leaked from the player. Version 9 is not affected.
Flash Player version 220.127.116.11 and earlier contain a bug due to insufficient HTTP referrer validation, and can be used to execute a cross-site forgery attack. Flash Version 9 is not affected.
Adobe recommends that people upgrade to Version 18.104.22.168 for Windows and Macs and 22.214.171.124 for Linux and Solaris. For the other two, Adobe has recommended that people upgrade to Flash Player 9.