Microsoft has been doing some research into all the recent cross-platform malware (1, 2, 3) that attacks Windows, Macs, and sometimes even Linux. The company has concluded that current attacks exploit third-party vulnerabilities in software on these platforms. There are two ways the malicious code is being delivered, according to the software giant: via the Web and via e-mail attachments
More specifically, Microsoft has found cybercriminals are currently leveraging 12 vulnerabilities in Java, seven in Adobe Flash, three in Adobe PDF applications, and three in Microsoft Office (one in Excel and two in Word). All of these can be used to target and attack multiple platforms. Since Java had the most, Microsoft has already recommended that you update it or kill it.
Read more at:
Microsoft: Windows, Mac malware gets in via Adobe, Java, Office | ZDNet