One of the patched vulnerabilities stems from how older versions of Flash Player checks URL security domains, and only affects the Flash Player ActiveX plug-in for Internet Explorer on Windows 7 or Vista.
Both vulnerabilities can trigger memory corruptions and can be exploited to execute arbitrary code remotely. However, Adobe is not aware of any exploits for these flaws being used in online attacks at this time, said Wiebke Lips, Adobe's senior manager of corporate communications.
The latest Flash Player can be obtained at http://get.adobe.com/flashplayer/
It is interesting to note that “silent update” has been introduced in Flash Player 11.2. Unlike Mozilla (or Google Chrome), users will be given a choice whether or not to allow software update automatically. And even when the automatic update option is enabled, Adobe will decide on a case-by-case basis which updates will be deployed silently and which won't. Those that change the Flash Player default settings will require user interaction.
For more detail, please refer to http://blogs.adobe.com/asset/2012/03/an ... dater.html