Adobe has quickly announced and released a patch for Flash on Windows and Mac operating systems, along with updates for Linux and Android. The exploit gives attackers the possibility of causing crashes or to take control of the affected system.
Since Adobe stopped Flash support on new Android installs, this only affect users who installed it before the cut off date.
On Windows, the exploit attempts to fool users into opening a Microsoft Word document in an email attachment that contains malicious SWF content, the format that Flash uses. Another exploit “targets the ActiveX version of Flash Player on Windows.”
The Mac exploit attacks through Safari and Mozilla Firefox, attempting to access the system through websites that use Flash Player.
The CVE numbers CVE-2013-0633 and CVE-2013-0634 are very similar, but it is very important that you update your Flash player as soon as possible.
Here are the recommended updates from Adobe.
- Windows and Mac have the highest priority for updates with Linux and the various Android versions having a lower, but still important priority rating from Adobe.
- To receive the latest and patched version for Windows and Mac, go to the Adobe Flash Player download page.
- Users of Adobe Flash Player 22.214.171.124 and earlier versions for Android 3.x and earlier versions should update to Flash Player 126.96.36.199.
- Users of Adobe Flash Player 188.8.131.52 and earlier versions on Android 4.x devices should update to Adobe Flash Player 184.108.40.206.
- Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest version of Internet Explorer 10, which will include Adobe Flash Player 11.3.379.14 for Windows.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 220.127.116.11 for Windows, Macintosh and Linux.
- Users of Adobe Flash Player 18.104.22.1681 and earlier versions for Linux should update to Adobe Flash Player 22.214.171.1242.
- Users of Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.149.
Source: Adobe Security Bulletin