Attacks using the CVE-2013-0633 vulnerability involve tricking Windows users into opening a booby-trapped Word document (.doc) containing malicious Flash (SWF) content. The malicious Word documents arrive as an email attachment.
The second vulnerability, CVE-2013-0634 is being exploited in drive-by-download attacks using malicious Flash content and pose a threat to both Windows & Mac OS X users.
Adobe recommends that Linux and Android users update their software even though Windows & OS X are the only ones that appear to be targeted in the ongoing attacks.
Affected Flash Player versions, according to Adobe’s security advisory:
- Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh
- Adobe Flash Player 22.214.171.1241 and earlier versions for Linux
- Adobe Flash Player 126.96.36.199 and earlier versions for Android 4.x
- Adobe Flash Player 188.8.131.52 and earlier versions for Android 3.x and 2.x
Not Sure What Version of Flash Player You Have?
Users that are unsure of what version they’re running can find out by:
- Visiting the About Flash Player page on Adobe’s website.
- Right-clicking on content running in Flash Player & select “About Adobe (or Macromedia) Flash Player” from the menu.
Be sure to check the version in each web browser installed on your system; just remember that Google Chrome & IE10 will be updated automatically!
How to Update Adobe Flash Player
To update their installation of Adobe Flash Player, users can:
- Download the update from the Adobe Flash Player Download Center.
- Use the built-in update mechanism in Windows Control Panel or OS X System Preferences.