Users of Adobe products (i.e. almost all the web surfers) are in serious danger (well, not exactly breaking news).
Critical bugs in Flash Player and Acrobat, both allowing arbitrary remote code execution, are being exploited in the wild.
Adobe just released a Flash Update addressing the player vulnerability, which has been abused in real world attacks for more than 6 weeks. Notice that the FlashBlock work-around suggested by the iDefense bulletin is bogus: as we already clarified a few times, FlashBlock can’t be relied upon as a security defense. The only reliable means to protect yourself against Flash-based 0 day attacks like these are either disabling the Flash Player plugin globally, or using NoScript’s content blocking features to selectively enable only the Flash applets you trust.