The vulnerabilities currently are being exploited "in the wild," says Adobe's blog on the patches. According to the Kaspersky ThreatPost blog on the pair of zero-days, one attack targets "aerospace and other manufacturing companies" by tricking people into opening a Microsoft Word document with malicious Flash content embedded in it. The second zero-day targets Firefox and Safari on Mac OS X by tricking you into visiting Web sites hosting malicious Flash content, and it aims at Windows users by way of a Microsoft Word attachment delivered via e-mail.
Adobe listed on its blog the affected versions of Flash, and it recommended actions to take. Apple iOS is not affected, since it has never been compatible with Flash.
Adobe recommends users update their product installations to the latest versions:
Users of Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.149. Users of Adobe Flash Player 184.108.40.2061 and earlier versions for Linux should update to Adobe Flash Player 220.127.116.112. Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 18.104.22.168 for Windows, Macintosh and Linux. Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest version of Internet Explorer 10, which will include Adobe Flash Player 11.3.379.14 for Windows. Users of Adobe Flash Player 22.214.171.124 and earlier versions on Android 4.x devices should update to Adobe Flash Player 126.96.36.199. Users of Adobe Flash Player 188.8.131.52 and earlier versions for Android 3.x and earlier versions should update to Flash Player 184.108.40.206.
You can go to the Adobe Flash Player Download Center to update your version of Flash.