updated 10:35 pm EDT, Fri May 4, 2012
'Priority 1' issue affects PC, Mac, Android
A "critical" security issue that can cause the Flash plug-in to crash and allow a malicious program potential access to the system is addressed in the latest Adobe security update for both the Flash player standalone program for CS users and web browser plug-in for Macs, Windows and Android systems. Users are strongly advised to upgrade to version 18.104.22.168 on Macs and Windows, and v22.214.171.124 on Android (version 126.96.36.199 for Android 4.0).
The vulnerability is referred to obliquely in Adobe's Security Bulletin accompanying the release, but the update is available either through the program's own auto-update mechanism or by visiting the Flash Player update page. Adobe reports that instances of the malicious takeover technique have been seen "in the wild" exploiting Internet Explorer, but the vulnerability could affect any other of the mentioned platforms.
The company lists some known issues with even this latest version, including two flaws specific to the Mac: the mouse cursor does not change to the hand pointer when mousing over TLF links, and Adobe AIR crashes in late-model Macs running 10.7.2. Flash has been saddled with numerous security issues over the years, which has fostered a haste to move to the HTML5 standard whenever possible (such as for video and audio content delivery).