“Adobe Systems has released a patch for two Flash player vulnerabilities that are being actively exploited online to surreptitiously install malware, one in attacks that target users of Apple’s Macintosh platform,” Dan Goodin reports for Ars Technica.
“While Flash versions for OS X and Windows are the only ones reported to be under attack, Thursday’s unscheduled release is available for Linux and Android devices as well,” Goodin reports. “Users of all affected operating systems should install the update as soon as possible.”
“The Mac exploits target users of the Safari browser included in Apple’s OS X, as well as those using Mozilla’s Firefox. That vulnerability, cataloged as CVE-2013-0634, is also being used in exploits that trick Windows users into opening booby-trapped Microsoft Word documents that contain malicious Flash content, Adobe said in an advisory,” Goodin reports. “The other bug under attack, CVE-2013-0633, also works by tricking Windows users into opening a Word document containing malicious Flash content.”
Read more in the full article here.