ARS Technica writes Adobe has issued an emergy patch for two Flash player vulnerabilities that are exploited in the wild to install malware. The Windows and OS X versions of Flash are the only ones reported to be under attack, but updates for Linux and Android were published as well.
The Mac exploits target users of the Safari browser included in Apple's OS X, as well as those using Mozilla's Firefox. That vulnerability, cataloged as CVE-2013-0634, is also being used in exploits that trick Windows users into opening booby-trapped Microsoft Word documents that contain malicious Flash content, Adobe said in an advisory. Adobe credited members of the Shadowserver Foundation, Lockheed Martin's Computer Incident Response Team, and MITRE with discovery of the critical bug.
The other bug under attack, CVE-2013-0633, also works by tricking Windows users into opening a Word document containing malicious Flash content. It was discovered by researchers from antivirus provider Kaspersky Lab.