The exploit is being used against selected targets, and is being delivered as an attachment to email messages.
The vulnerability has also been addressed in Flash Player 10.3.183.19 for Windows, Mac and Linux users who cannot update to version 11, and also in 18.104.22.168 for Android 4 and 22.214.171.124 for Android 3 and earlier.
Adobe recommends all Flash Player users install the relevant update. Updaters are available via the Adobe Flash Player Download Center.
The version of Flash within Google Chrome has already been updated.