Adobe Systems has released a patch for two Flash player vulnerabilities that are being actively exploited online to surreptitiously install malware, one in attacks that target users of Apple's Macintosh platform.
While Flash versions for OS X and Windows are the only ones reported to be under attack, Thursday's unscheduled release is available for Linux and Android devices as well. Users of all affected operating systems should install the update as soon as possible.
The Mac exploits target users of the Safari browser included in Apple's OS X, as well as those using Mozilla's Firefox. That vulnerability, cataloged as CVE-2013-0634, is also being used in exploits that trick Windows users into opening booby-trapped Microsoft Word documents that contain malicious Flash content, Adobe said in an advisory. Adobe credited members of the Shadowserver Foundation, Lockheed Martin's Computer Incident Response Team, and MITRE with discovery of the critical bug.
The other bug under attack, CVE-2013-0633, also works by tricking Windows users into opening a Word document containing malicious Flash content. It was discovered by researchers from antivirus provider Kaspersky Lab.
Adobe's advisory came the same day the company announced plans to provide new protections designed to make it harder to target Flash contained in Microsoft Office files. Effective in a Flash version to be released soon, users of Office 2008 and earlier will receive a prompt before documents will execute Flash content. The content will only run once users click an OK button. The "click-to-play" prompt won't apply to Office 2010, which already contains a "Protected Mode" sandbox that limits the privileges of content within a document.
Thursday's fix brings the latest version of Flash for Windows and OS X to v. 11.5.502.149. The latest Linux version is v. 11.2.202.262, and the most current Android versions are 11.1.115.36 for Android 4 and above and 11.1.115.37 for Android 3 and earlier. Updates are available here. Flash in Google Chrome and in Microsoft Internet Explorer 10 is automatically updated. To see what version of Flash your computer is running click here.
Story updated to change line below the headline. Adobe recommends administrators install Android and Linux updates at their discretion.
reader comments
63