Adobe has released security updates for Adobe Flash Player for all platforms. Adobe Flash Player 11.5.502.149 security update is released for Windows and Macintosh, Adobe Flash Player 188.8.131.522 for Linux, Adobe Flash Player 184.108.40.206 for Android 4.x, and Adobe Flash Player 220.127.116.11 for Android 3.x and 2.x are released. Security update for Windows and Macintosh addressed issues which are rated critical by Adobe. For all supported platforms, these updates addresses vulnerabilities referred as CVE-2013-0633, CVE-2013-0634 (details later). These vulnerabilities could potentially allow an attacker to take control of the affected computer system and may cause a crash.
Out of the two vulnerabilities discovered in Adobe Flash Player, Adobe reports that CVE-2013-0633 is being exploited in the wild. It is a targeted attack designed to trick a user to open a Microsoft Word document. The document is sent via email and has malicious Flash (SWF) content. It targets the ActiveX version of Flash Player on Windows. Similarly, Adobe reports that CVE-2013-0634 is also being exploited in the wild. The attacks targeting this vulnerability is delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform. It can also affect Windows users in similar way as CVE-2013-0633. [Read more...]