Adobe has released security updates for Adobe Flash Player 11.5.502.146 and earlier versions for Macintosh to address flaws being exploited in the wild. The security issues addressed affect all operating system platforms. The update resolves vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
The security update for Adobe Flash Player covers two vulnerabilities, CVE-2013-0633 and CVE-2013-0634, both of which are being exploited in the wild in targeted attacks. Following are details of the two flaws as described in Adobe’s security bulletin:
Adobe is aware of reports that CVE-2013-0633 is being exploited in the wild in targeted attacks designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content. The exploit for CVE-2013-0633 targets the ActiveX version of Flash Player on Windows.
Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.
Users of Adobe Flash Player 11.5.502.146 and earlier versions for Mac OS X should download the 16.09 MB update to Adobe Flash Player 11.5.502.149 immediately. Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 126.96.36.199 for Mac, Linux, and Windows platforms.