Adobe Product Security Incident Response Team reports:
An important vulnerability has been identified in Adobe
Flash Player 10.3.181.16 and earlier versions for Windows,
Macintosh, Linux and Solaris, and Adobe Flash Player
10.3.185.22 and earlier versions for Android. This universal
cross-site scripting vulnerability (CVE-2011-2107) could be
used to take actions on a user's behalf on any website or
webmail provider, if the user visits a malicious website.
There are reports that this vulnerability is being exploited
in the wild in active targeted attacks designed to trick
the user into clicking on a malicious link delivered in an
email message.