Adobe released security update that fixes an object confusion vulnerability in Flash Player that allows attacker to crash the player and take control over the affected system. Company advisory says there numerous reports that the vulnerability is being actively exploited in the course of targeted e-mail spam attack that uses social engineering techniques.
The only known functional exploit targets Flash Player on Internet Explorer on Windows though the vulnerability exists on Windows, Mac OS X, Linux and Android versions of the product.
The Adobe Flash Player update for Windows, Mac OS X and Linux is strongly recommended to anyone using version 11.2.202.233 or earlier. Google Chrome's built in Flash Player is updated automatically via the silence update functional.
Vulnerability description is accessible here:
http://www.naked-security.com/nsa/209301.htm
