Affected software versions include: Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.336 and earlier versions for Linux.
The Adobe Product Security Incident Response Team warned of a critical vulnerability, resolved in this update, which exists in the wild:
Adobe is aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin.
Graham Cluley on his blog noted a connection between the critical flaw and some sites that were compromised recently.
Cluley warned:
Anyone who has visited these websites in recent weeks is at a high risk of having had their computers infected, and the potential for data on their PCs to have been stolen.
Adobe’s security bulletin (APSB14-07) describes the three flaws patched in this update as follows:
Users of Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh should immediately update to the new Adobe Flash Player 12.0.0.70. Users of Adobe Flash Player 11.2.202.336 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.341 as soon as possible. Adobe Flash Player 12.0.0.44 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.70 for Windows, Mac and Linux.
