Adobe issued a security bulletin on Thursday announcing that it was releasing updates to the Flash Player to address a pair of security holes targeting Mac and Windows users.
The Adobe Security Bulletin, via MacRumors:
Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.
The update can be applied one of two ways; via a manual download of the new 11.5.502.146 version of Flash Player from Adobe’s site, or if you’ve allowed Adobe to automatically update the Flash Player, simply allow it to do so.
In a response to the security vulnerabilities, Apple had set its Xprotect anti-malware system to enforce new minimum version requirements blocking all previous versions of Flash Player. Apple has similarly used the system several times in the recent past to block versions of Java because of similar security issues.
Apple has posted a new support document about the issue containing instructions on how to update the Flash Player if you find that the plug-in has been blocked.
