Adobe described the attacks as "targeted" and warned that malicious Flash files are being delivered in e-mail messages.
Although the vulnerability affects Flash Player on all platforms, the malware attacks target Flash Player on Internet Explorer for Windows only.
According to Adobe's advisory, the patch is available for Adobe Flash Player 22.214.171.124 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 126.96.36.199 and earlier versions for Android 4.x, and Adobe Flash Player 188.8.131.52 and earlier versions for Android 3.x and 2.x.
"These updates address an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system," Adobe said.
There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only.
Windows users should treat this update with the utmost priority, Adobe said.