Adobe Systems has released a patch for two Flash player vulnerabilities that are being actively exploited online to surreptitiously install malware, one in attacks that target users of Apple's Macintosh platform.
While Flash versions for OS X and Windows are the only ones reported to be under attack, Thursday's unscheduled release is available for Linux and Android devices as well. Users of all affected operating systems should install the update as soon as possible.
The Mac exploits target users of the Safari browser included in Apple's OS X, as well as those using Mozilla's Firefox. That vulnerability, cataloged as CVE-2013-0634, is also being used in exploits that trick Windows users into opening booby-trapped Microsoft Word documents that contain malicious Flash content, Adobe said in an advisory. Adobe credited members of the Shadowserver Foundation, Lockheed Martin's Computer Incident Response Team, and MITRE with discovery of the critical bug.