Java and Internet Explorer were both rocked by some pretty nasty zero-day exploits earlier in the year, but they’re not the only software that gets hit. Adobe’s Flash is frequently targeted by hackers as well, and said hackers have been having their way with it recently thanks to two zero-day exploits.
Adobe is aware of reports that CVE-2013-0633 is being exploited in the wild in targeted attacks designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content. The exploit for CVE-2013-0633 targets the ActiveX version of Flash Player on Windows.
Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.
If you don’t want to be hit by something that nasty, you might want to update to the latest version of Flash now. Most Flash users probably have automatic updating turned on, however, and won’t need to worry as the update will take care of itself. If you do not, you’ll want to download the latest version from Adobe’s Web site.
There might be other zero-day vulnerabilities floating around in Flash for hackers to find and use against users. Always stay on guard and only use Flash on trusted Web sites. You can do this by installing a plugin that prevents any Flash content from automatically playing unless you authorize it. This technology is built into Firefox. Chrome users can grab the popular FlashControl extension. If you’re using Internet Explorer, especially IE8, you should probably just stop.