A notice of advisory and recommended update for Adobe Flash Player was forwarded to us by Jim Hamm. He says, "To check which version you're running click the 'About Flash Player' link and it will show you which version you've got. Odds are it's the vulnerable version. To download the newest version click the 'Flash Player Download Center,' then install the download."
Now, Art Gorski and David Passell jump in with some important additions to this discussion.
Art passes along this warning: "Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Yet another reason to use Apple's Preview instead. Note that many Adobe installers (Photoshop, etc.) will install Adobe Reader whether you want it or not."
Now David tells of his experience with the Flash Player security update: "Thanks to Jim for the posting regarding Flash Player security, but statement in the blog "click the 'About Flash Player' link (blue) is misleading.
"When you click on that link you are taken to the Adobe Security Page. At first glance it is a lot of verbage and overchoice without clear guidelines. You have to go down into the second paragraph or so to find:
"Affected software versions:
Adobe Flash Player 10.0.32.18 and earlier versions Adobe AIR 1.5.2 and earlier versions
To verify the Adobe Flash Player version number installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select 'About Adobe (or Macromedia) Flash Player' from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
"When you click on above link then you find out what you have.
"In my case when I first went to the page I didn't see that, but the Firefox browser popped up with an update to 3.5.6 which I installed. The Firefox description did not immediately tell me what had changed. If I wanted to dig around I might find that Flashplayer was updated.
"In any case I went back to the Adobe page mentioned in the link in the Blog posting, and then clicked on the 'About Flash Player page.' I found that I had the secure version.
And David adds, "(Somewhere in the second go-around I got the message 'software update installed successfully' or words to that affect (poor short-term memory).:)"