Users who haven't updated their Flash player and Shockwave may be ripe for attack, as Adobe announced security updates for the software.
According to the Flash security bulletin, the critical bugs patched, CVE-2013-5331 and CVE-2013-5332, affect Windows, Mac, and Linux users.
While both vulnerabilities were given the highest priority rating, an exploit has already been detected in the wild for the first of the two, which uses social engineering to trick users into giving attackers access.
“Adobe is aware of reports that an exploit designed to trick the user into opening a Microsoft Word document with malicious Flash (.swf) content exists for CVE-2013-5331,” the bulletin states.
Just last month, Adobe patched four vulnerabilities which also affected Flash, as well as its ColdFusion web application server. The two bugs affecting Flash were also given a high priority rating.
Additionally, updates for Shockwave player that fix two vulnerabilities were also made available this week. Both were deemed “critical” and could allow remote code execution, according to Adobe's severity ratings.