Yesterday Adobe published a security bulletin for Flash Player it’s web browser plugin and Adobe AIR, its application runtime. While the reason for releasing this update outside of it’s usual schedule of the second Tuesday of each month is unknown, Wolfgang Kandek of Qualys offers some possible explanations as to why this update has been released at this time.
This update brings Flash Player to version 126.96.36.199 and resolves 23 CVEs (defined).
Flash Player updates for Linux, Apple Mac OS X and Windows are available from this link (which can be used if you don’t have automatic updating enabled or simply wish to install the update as soon as possible). Moreover only Flash Player is installed by the installers included on that page, no additional unwanted is offered/included.
Users of Google Chrome 45 have also received this update. Microsoft has announced the availability of their Flash update by updating this security advisory for users of Microsoft Edge on Windows 10 and Internet Explorer 10 and 11 installed on Windows 8.0 and 8.1 respectively.
I would recommend that if you use Flash Player (you can check it its installed using this page), that you install the necessary updates as soon as possible. It is only a matter of time before these security issues will be used by exploit kits to install malware/carry out malicious actions.
To add a further layer of protection, please follow my recommendation to enable the ASR mitigation of Microsoft EMET as detailed in this post in order to mitigate against Flash based vulnerabilities being exploited in applications that can open Microsoft Office documents and/or Adobe PDF files.