From
PC World through Yahoo! News:
Partial quote (see link for full article):
An unpatched bug in Adobe Systems' Flash Player software is being exploited by online criminals, Symantec reported Monday.
Few details on the bug are available, but the flaw lies in the latest version of the Adobe Flash Player browser plugin, which is widely used by Internet surfers to view animated Web pages. The flaw affects both the recently released Flash Player version 9.0.124.0 and version 9.0.115.0, according to an advisory posted Monday to Symantec's Security Focus Web site.
The flaw lets attackers run unauthorized software on the PC, and if the attack fails for some reason it will likely crash the browser, Security Focus said. Symantec is not aware of any vendor-supplied patches for the flaw, the advisory states.