Kaspersky Lab recently identified a critical zero-day vulnerability in Adobe Flash Player (CVE-2013-0633) that was being actively exploited in targeted attacks. Kaspersky Lab reported the vulnerability to Adobe, who issued a security update on February 7, 2013.
The vulnerability was first identified by Kaspersky Lab researchers Sergey Golovanov and Alexander Polyakov. It impacts Windows, Mac OS X and Linux operating systems, as well as a number of earlier versions of Android.
Kaspersky Lab advises users to update their systems with the latest version of Adobe Flash Player, which includes the security patch to protect against this vulnerability. Users can verify which version they are running by visiting Adobe’s About Flash Player webpage, or by following the instructions provided in Adobe’s relevant security bulletin.
The vulnerability was being used in a series of targeted attacks that were designed to trick victims into opening a spear-phishing email with a Microsoft Word document, which contained malicious Flash (SWF) content. The majority of attacks analysed by Kaspersky Lab were targeted against human rights activists and political dissidents from Africa and the Middle East.