Adobe has released a patch for two Flash Player vulnerabilities that are being exploited in the wild. The first, CVE-2013-0633, is being used in targeted email attacks: the emails carry Microsoft Word documents with embedded malicious Flash content that a macro runs. The second, CVE-2013-0634, is also exploited through malicious Flash content, but it is being delivered in two different ways:
- One is hosted on websites and targets Flash Player running in Firefox or Safari on Macs.
- The other, like the first vulnerability, arrives by email as a Microsoft Word document containing malicious Flash (SWF) content.
The Word documents seen so far affect only Windows users, and the emails have been directed at people in the aerospace industry.
The vulnerable versions of Adobe Flash Player have now been added to XProtect’s plugin block list, just as vulnerable Java versions were. If your Flash Player is outdated, you will see an error message about a blocked plugin when you try to run any Flash content. Apple has a support page describing what to do if you see this message.
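XProtect blocks a plugin when its bundle version is below a minimum listed in XProtect.meta.plist. The script below is an added example, not code from the original post or from Apple: it parses a constructed plist in the assumed shape of that file (PlugInBlacklist, then an OS-version group, then the plugin bundle id, then MinimumPlugInBundleVersion) and compares an installed version against the minimum component by component, which matters because a plain string comparison would rank "11.5.502.9" above "11.5.502.149". The version strings, the sample plist and the Info.plist path in `installed_bundle_version` are assumptions for illustration.

```python
import re
import plistlib

# Constructed sample in the assumed layout of Apple's XProtect.meta.plist.
# The version strings are illustrative, not taken from the original post.
SAMPLE_XPROTECT_META = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Version</key>
  <integer>1</integer>
  <key>PlugInBlacklist</key>
  <dict>
    <key>10</key>
    <dict>
      <key>com.macromedia.Flash Player.plugin</key>
      <dict>
        <key>MinimumPlugInBundleVersion</key>
        <string>11.5.502.149</string>
      </dict>
    </dict>
  </dict>
</dict>
</plist>
"""


def parse_version(version: str) -> tuple:
    """Turn '11.5.502.149' into (11, 5, 502, 149) so each component is
    compared as a number; separators other than digits are ignored."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_blocked(installed: str, minimum: str) -> bool:
    """True when the installed bundle version is below the block-list minimum.
    Shorter versions are zero-padded so '11.5' compares equal to '11.5.0.0'."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def load_block_list(plist_bytes: bytes) -> dict:
    """Flatten every OS-version group into {bundle_id: minimum_version}.
    If a bundle id appears in more than one group, the last one read wins."""
    meta = plistlib.loads(plist_bytes)
    minimums = {}
    for group in meta.get("PlugInBlacklist", {}).values():
        for bundle_id, entry in group.items():
            minimum = entry.get("MinimumPlugInBundleVersion")
            if minimum:
                minimums[bundle_id] = minimum
    return minimums


def check_plugin(plist_bytes: bytes, bundle_id: str, installed: str):
    """Return True if XProtect would block this version, False if it is
    allowed, and None if the plugin is not on the list at all."""
    minimums = load_block_list(plist_bytes)
    if bundle_id not in minimums:
        return None
    return is_blocked(installed, minimums[bundle_id])


def installed_bundle_version(info_plist_path: str) -> str:
    """Read CFBundleVersion from a plugin's Info.plist. On a Mac the Flash
    plugin's Info.plist is assumed to live under
    /Library/Internet Plug-Ins/Flash Player.plugin/Contents/ (path not verified here)."""
    with open(info_plist_path, "rb") as fh:
        return plistlib.load(fh)["CFBundleVersion"]


if __name__ == "__main__":
    flash = "com.macromedia.Flash Player.plugin"
    for version in ("11.5.502.146", "11.5.502.149", "11.6.602.168"):
        verdict = check_plugin(SAMPLE_XPROTECT_META, flash, version)
        print(version, "blocked" if verdict else "allowed")
```

To run it against a real Mac, replace `SAMPLE_XPROTECT_META` with the bytes of the actual XProtect.meta.plist and feed `installed_bundle_version` the plugin's Info.plist; the comparison logic stays the same.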
This is a good reminder to enable automatic updates, especially for frequently targeted browser plugins such as Java and Flash. You may also want to turn on “click to play” in your browser of choice so that plugin content does not run until you ask for it, since this sort of attack is becoming increasingly common.