Adobe has fixed a Flash Player vulnerability which is already being exploited

Adobe has released an updated version of its Flash Player, bringing it to version 28.0.0.161.

This fixes a bug when uploading video using the RTMPS protocol, and has other “security and functional fixes”. Most importantly, though, it addresses a critical vulnerability which is already being exploited in limited, targeted attacks against some Windows users, via spear-phishing (via email). This is therefore an important and urgent update if you still have Flash Player installed.

It is available from Adobe here.