Flash users are asked to visit the About Flash page to check the Flash version installed on their computer.

It is alternatively possible to right-click on Flash content to see the Flash Player version in the context menu.

Adobe recommends to update Flash Player to the newest version 11.1.102.55 by downloading it from Adobe’s Flash Player Download Center. Is it alternatively possible to download Flash offline installers from the linked guide. Android users can update Flash by downloading the latest version from Android Market on their Android device. Google Chrome users do not need to run the update manually as it is automatically installed by the browser.

The security patch fixes several memory corruption, buffer overflow and stack overflow vulnerabilities in Adobe Flash Player that attackers could exploit to cause a crash on the system running Adobe Flash technologies. Code execution could then give the attacker control of the affected system.

Interested users can read the security bulletin over at the Adobe website. It offers additional information about each vulnerability found and download links to various technologies affected by the vulnerabilities.

The next big Flash release (that is Adobe Flash 11.2) will introduce automatic silent updates on Windows. This means that it will become more comfortable for Windows users to keep their installed version of Flash up to date on their system. See Flash Player 11.2 Introduces Automatic Updates for details.

Affected are more or less all Flash users. This includes Flash installations on Windows, Mac and Linux, the built-in Flash Player of the Google Chrome browser, Flash on Android and Flash in Adobe Reader and Acrobat.

• Flash Player 10.2.153.1 and earlier versions on Windows, Mac, Linux, Solaris
• Adobe Flash Player 10.2.154.25 and earlier for Chrome
• Adobe Flash Player 10.2.156.12 and earlier versions for Android
• Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems

Adobe confirmed reports that the vulnerability is actively exploited. The vulnerability uses embedded Flash files in Microsoft Word documents to exploit the issue. According to Adobe’s information those are delivered as email attachments and targeting the Windows platform.

Adobe Reader and Acrobat do not appear to be targeted right now. Adobe Reader X users are protected from this exploit by the program’s Protected Mode.

Adobe is currently finalizing a schedule for delivering updates for all affected versions of Flash Player except for Adobe Reader X which will receive the update on the next quarterly security update on June 14, 2011.

How can users protect their system from these kind of attacks? You should be cautious when you receive document attachments, especially if they come from unknown senders. Probably the best option in this case is to save those attachments to the computer, and open them in an online viewer such as Google Docs.

You could alternatively use a third party document viewer that does not support Flash, but the safest bet is an online viewer.

Interested users find additional information about the newly discovered Flash vulnerability at the Adobe Security Bulletin.

User systems in the meantime were susceptible to those attacks. The latest critical vulnerability in Flash was revealed in a security advisory at the Adobe website.

The critical vulnerability in all Flash Player versions for all supported operating systems – yes even Android – impacts not only systems running Flash, but also systems running Adobe Reader 9.3.4 and Adobe Acrobat 9.3.4.

Adobe states that “this vulnerability could cause a crash and potentially allow an attacker to take control of the affected system” with reports that the vulnerability is already actively exploited in the wild “against Adobe Flash Player on Windows”.

Adobe expects to provide an update during the week of September 27 for Adobe Flash Player, and October 4 for Adobe Reader and Acrobat.

Until then, all users running Adobe Flash or Adobe Reader / Acrobat are vulnerable to the critical vulnerability. Make sure your security software detects the vulnerability and blocks it from execution.

One question that Chrome readers may have in mind: Is the build in Flash plugin also susceptible for attacks? In short, yes it is. The latest Chrome internal Flash Player plugin version is listed as 10.1.82.76, which is exactly the version that is vulnerable. The design of the browser may however mitigate the impact on the system, as may the out of process feature of the Firefox web browser.

We say may because we have no confirmation at this point.

Adobe published a temporary workaround to protect the computer system against this form of attack that users should apply until the release of a patch that would fix the critical issue.

To apply the workaround users should visit the Flash Player’s Settings Manager by following the link. There they should click on the Always Deny button which would prevent any website from accessing the microphone and webcam settings.

The new setting has to be confirmed in the popup that appears automatically after clicking on the Always deny button. The patch is said to be available before the end of October.

If the system meets the requirements the exploit is used to download and execute trojans that steal information and droppers that download additional trojans. Information that are stolen are for example World of Warcraft account information while the droppers download files that add the computer to a botnet. (according to Trendmicro)

Most antivirus companies have already updated their software to disable the possibility that this exploit can be used on the computer the software is running on. Your best bet if you do not use antivirus software is to either disable Flash for now or use an extension like NoScript to block Flash on every domain but trusted ones.