If dealing with MacDefender weren’t enough, Adobe has now released a new version of Flash Player to address an important vulnerability. Adobe says:
This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.
To determine what version of Flash Player you’re running, visit the Adobe Flash Player page, which tells you your version and what the latest version is. If there’s any mismatch, download the latest version (10.3.181.22 currently) from the Adobe Flash Player Download page.
In the previous release of Flash Player for Mac OS X, 10.3.181.14, Adobe added a System Preference pane that provides automatic update notification. We assume this means that Flash Player will notify you when future updates are necessary; ideally it will also automatically update Flash Player as well.
Regardless, we strongly recommend upgrading to the latest Flash Player to take advantage of the automatic update notifications and eliminate the known vulnerabilities.