Attackers have begun actively exploiting the critical Adobe Flash vulnerability that Adobe patched last week, using rigged Web pages and phishing techniques to compromise vulnerable machines. The attack code is being hosted on a number of sites around the Web right now, researchers said.
Adobe warned last week when it released a patch for the bug that the vulnerability in Flash can be used for remote code execution, and that's being proven out right now. Researchers at Websense have found a number of sites that are rigged with malicious code designed to exploit the Flash vulnerability and the exploit itself is using some rather advanced techniques in order to compromise users' machines.
The attack begins as most drive-by download attacks do, with a user visiting a malicious site with a browser running a vulnerable version of Flash. The site loads a malicious Flash file, which contains the exploit for the Flash bug and begins the exploitation chain. From there, the interesting parts kick in.
Continued : http://threatpost.com/en_us/blogs/attackers-exploiting-critical-flash-bug-drive-download-062011
Related: Attackers exploit latest Flash bug on large scale, says researcher