Adobe has released APSB11-13 [1] along with Flash Player 10.3.181.22 to correct the following important flaw: An important vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message. [1] http://www.adobe.com/support/security/bulletins/apsb11-13.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2011:0850 https://rhn.redhat.com/errata/RHSA-2011-0850.html
According to Adobe, this issue also affects Adobe Reader for Linux. The support model of Adobe Reader for Linux was changed and upstream only plans to release updates twice a year. Next update is planned for September 13, 2011. http://blogs.adobe.com/asset/2011/06/notes-on-adobe-reader-and-acrobat-10-1.html
This issue has been addressed in following products: Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2011:1434 https://rhn.redhat.com/errata/RHSA-2011-1434.html
Note: Adobe Reader 9.4.6 for Unix does not bundle Flash Player any more. Hence future Flash flaws will not apply to it.