Adobe is aware of reports that CVE–2013–0633 is being exploited in the wild in targeted attacks designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content. The exploit for CVE–2013–0633 targets the ActiveX version of Flash Player on Windows.
Adobe is also aware of reports that CVE–2013–0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.
While it’s known that the exploits are being used to target Windows and OS X, Adobe has also taken the opportunity to issue patches for Linux and Android.
The new Flash Players can be found here. If you’re using Google Chrome and Microsoft Internet Explorer 10, their built-in Flash Player will be updated automatically.