Adobe has released Flash Player 11.5.502.149 for Windows and Mac and Flash Player 220.127.116.118 for Linux. Flash Player for Android has also been updated.
The latest updates address a couple of vulnerabilities that are currently exploited in the wild.
The affected products are Flash Player 11.5.502.146 and earlier variants for Windows and Mac, and Flash Player 18.104.22.1681 and earlier versions for Linux.
One of the security holes, CVE-2013-0633, is a buffer overflow vulnerability that’s leveraged in targeted attacks. The cybercriminals disguise malicious Flash (SWF) content inside innocent-looking Microsoft Word documents, which they send via email to their potential victims.
The second flaw, CVE-2013-0634, is a memory corruption bug that’s used in attacks against Firefox and Safari on the Mac platform. It can also be exploited in the same way as CVE-2013-0633.
Considering the fact that the vulnerabilities addressed by the latest update are actively exploited in the wild, users are advised to install the update as soon as possible.
Adobe Flash Player for Windows is available for download here
Adobe Flash Player for Mac is available for download here
Adobe Flash Player for Linux is available for download here
Adobe Flash Player for Android is available for download here