Adobe yesterday pushed out an unscheduled update for its Flash Player software, fixing critical security flaws already being used to attack both Macs and PCs.
"Adobe is aware of reports that [the flaw] CVE-2013-0633 is being exploited in the wild in targeted attacks designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content," Adobe's security bulletin said.
"Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform," it said.
The second bug could also be used in phishing attacks using Word attachments in Windows, Adobe added.
All users of Adobe Flash Player, including those running it on Linux and Android, were urged to apply the patches. (Flash Player has never run on Apple's mobile iOS platform.)
To check which version of Flash Player your browser uses, go to http://www.adobe.com/software/flash/about/.
To update it, go to http://get.adobe.com/flashplayer/. If you have Flash Player set to automatically update, the update will be applied upon the next system restart.