Adobe issues important fixes.
It has had to address two zero-day vulnerabilities that are being exploited in the wild. One (CVE-2013-0633) is being exploited in the wild in targeted attacks designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.
The other serious flaw (CVE-2013-0634) is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.
Affected software versions include…
- Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh
- Adobe Flash Player 188.8.131.521 and earlier versions for Linux
- Adobe Flash Player 184.108.40.206 and earlier versions for Android 4.x
- Adobe Flash Player 220.127.116.11 and earlier versions for Android 3.x and 2.x
Find out what version of Flash you are running on a desktop or laptop here.
If you are running Flash on Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.
Visit the Adobe Flash Player Download Center for updates.