Yesterday Adobe published its second update of Adobe Flash this month (APSB14-26), an out-of-band release. After addressing 18 CVEs in the November 11 update (APSB14-24), the new version of Flash has only a single fix, for CVE-2014-8439. Adobe does not say why this CVE is so important that it warrants this unexpected release, but points out that a mitigation for this problem had already been introduced in APSB14-22 in October.
They acknowledge the work of a trio of security researchers who are all quite involved in malware detections in the wild (Sébastien Duquette of ESET, Timo Hirvonen of F-Secure and Kafeine from malware.dontneedcoffee.com), which makes me think that they have seen the initial signs of exploitation attempts. I would address the flaw as quickly as possible.
Internet Explorer 10 and 11 and Google Chrome will auto-update Flash; on other browsers you will have to run the update yourself. You can use our free BrowserCheck tool to get a quick overview of the security situation on your desktop or laptop. With the BrowserCheck Business Edition you can even control a small network and see how your users are keeping their machines at the latest level.