Adobe has released a critical security update for its Flash Player plug-in for Windows, Mac and Linux – the second in less than three weeks. The update addresses a zero-day exploit first uncovered by security firm FireEye a week ago that targeted visitors of at least three nonprofit websites.

The security firm said Peterson Institute for International Economics (, the American Research Center in Egypt ( and the Smith Richardson Foundation ( were all compromised using remote code injection. Traffic to these sites was redirected to a server that contained a hidden iframe running the exploit.

Given the nature of the nonprofits, FireEye said they believe those responsible for the attacks have sufficient resources and are committed to infecting those visiting a particular type of website. Two of the sites in question focus on national security and public policy which led the firm to speculate that the attackers infected visitors for follow-on data theft.

In a security bulletin on the matter, Adobe said Flash Player and earlier versions for Windows and Macintosh, version and earlier versions for Linux, AIR and earlier versions for Android, AIR SDK and earlier versions and AIR SDK & Compiler and earlier versions are all affected.

The new version of Flash Player for Windows and Mac is while the newest for Linux is Naturally, you’ll want to download and apply the patch ASAP.