Adobe would allow an attacker to bypass access restrictions, although there is no information about the vectors that could be leveraged in the breach. These carry the CVE identifiers CVE-2014-0537 and CVE-2014-0539 and have been attributed to Masato Kinugawa.
The flaw, CVE-2014-4671, addressed in Adobe Flash Player 220.127.116.11, concerns validation checks on the content returned by JSONP callback APIs.
Many high-profile domains were affected by the flaw, including those from Google, Twitter, Instagram, Tumblr, Olark, and eBay. However, some of them have already taken the necessary measures to protect against the vulnerability. The domains from Google, Twitter and Tumblr are currently protected against this sort of attack.
Updating to the latest version of Flash Player is imperative in this case. Users of Google Chrome and Internet Explorer 10 and 11 receive the new revision automatically; in some cases a browser restart is required for the update to complete.
Users who do not receive the update automatically are advised to install it manually as soon as possible in order to eliminate security risks.