Security Advisory - Multiple Vulnerabilities identified in Adobe Flash Player
Adobe has released security updates for Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh, Adobe Flash Player 188.8.131.521 and earlier versions for Linux, Adobe Flash Player 184.108.40.206 and earlier versions for Android 4.x, and Adobe Flash Player 220.127.116.11 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe has reported that CVE-2013-0633 has been observed being exploited in the wild through targeted attacks designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content. The exploit for CVE-2013-0633 targets the ActiveX version of Flash Player on Windows.
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux. These updates address the vulnerabilities detailed above.
The NCSC encourages administrators to review the full security bulletin from Adobe, available here, and apply these updates as soon as practicable.