Adobe ships emergency fix for critical Flash Player exploit

The patch is available for Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Mac, and Linux; Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x; and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x.

Adobe warned that the object confusion vulnerability fixed in the update “could cause the application to crash and potentially allow an attacker to take control of the affected system.”

Although the patch fixes the flaw on all of these platforms, the active exploits target only Flash Player on Internet Explorer (IE). The update therefore received a No. 1 priority rating for the Windows platform; other platforms received a No. 2 priority rating.

“There are reports that the object confusion vulnerability (CVE-2012-0779) addressed in this update is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only”, Adobe warned in its security advisory.

Adobe thanked Microsoft Vulnerability Research for reporting this issue and for working with Adobe on the fix.
 
