Two exploits, assigned the CVE references CVE-2013-0633 and CVE-2013-0634, have been reported by Adobe as being used in the wild to target Windows and Mac users.
Users should update Flash manually if it does not update automatically. The affected versions and platforms are as follows:
- Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh
- Adobe Flash Player 18.104.22.1681 and earlier versions for Linux
- Adobe Flash Player 22.214.171.124 and earlier versions for Android 4.x
- Adobe Flash Player 126.96.36.199 and earlier versions for Android 3.x and 2.x
CVE-2013-0634 utilises Microsoft Office documents that, when opened, cause a malicious Flash file to be executed. CVE-2013-0633 requires the malicious Flash object to be hosted on a website.
FireEye has a good posting here about how these exploits operate, utilising the LadyBoyle exploit code.
There is also coverage at the ‘Malware Must Die’ site here.