Windows zero-day Flash bug under active attack threatens OS X, Linux too

A day after reports that attackers are exploiting a zero-day vulnerability in Microsoft's Internet Explorer browser, researchers warned of a separate active campaign that was targeting a critical vulnerability in fully patched versions of Adobe's ubiquitous Flash media player.
 
While the exploit  attacked only computers running Microsoft Windows, the underlying flaw, which is formally categorized as CVE-2014-1776 and resides in a Flash component known as the Pixel Bender, is present in the Adobe application built for OS X and Linux machines as well. Adobe has updated all three versions to plug the hole. Because security holes frequently become much more widely exploited in the hours or days after they are disclosed, people on all three platforms should update as soon as possible. People using IE 10 and 11 will receive the update automatically, although it can often take hours for it to arrive. Those who are truly cautious should consider manually installing the update. Users of Google's Chrome browser will also receive the update automatically.
 
 
The exploitation of critical vulnerabilities by state-sponsored or state-motivated adversaries has grown increasingly common in recent years. Most notable examples include theStuxnet, Flame, and Red October malware campaigns. A raft of other smaller campaigns have regularly targeted the Macs and Windows PCs belonging to dissidents of China and other countries as well as private companies and government agencies, although many such attacks don't rely on previously unknown vulnerabilities in widely used products.
 
Full Article