Adobe released a critical update for Flash at the end of last week.
It claimed that the flaw has been used in targeted attacks on Internet Explorer for Windows only, and that the exploit for the vulnerability (CVE-2012-0779) is designed to trick the user into clicking on a malicious file delivered in an email message.
Wolfgang Kandek, CTO at Qualys, said: “The patch is of highest urgency as there are attacks in the wild against the vulnerability. Adobe's security bulletin APSB12-09 states that the current exploit arrives in an email as a file attachment that users have to click on in order to get infected.
“Users who have opted in to participate in the newly introduced ‘silent update’ feature (currently only available on Windows) will have the update applied automatically on all browsers present on their system. Users of other operating systems and users that have opted out of ‘silent update’ need to manually install on all browsers.”
An update for Android was made available through Google Play while other updates were released for Windows, Mac OS X and Linux.
Elsewhere, Apple issued a security update on Monday to fix issues in Safari and WebKit, the most serious of the bugs being a ‘memory corruption’ defect that can lead to the remote execution of malicious code. Two of the WebKit flaws could result in cross-site scripting attacks, one of which was uncovered at the Pwnium contest in March.