Adobe still keeps a tradition to publish information about new zero-day vulnerabilities affecting their Flash Player (now 19.0.0.207).
What is really interesting – there is no patch yet, and this vulnerability has been exploited in the wild! So it is yet another good reason to disable Flash player in your browser (if you did not disable it already).
Security Advisory: APSA15-05
Details about know exploitation (spear phishing targets Ministries of Foreign Affairs) as part of Operation Pawn Storm:
New zero-day exploit hits fully patched Adobe Flash
Update:
Trend Micro analyzed the vulnerability and made a PoC code. Again it is poor technique how Flash compiler handles language semantics and allows to bypass internal security controls:
Latest Flash Exploit Used in Pawn Storm Circumvents Mitigation Techniques
In my opinion described technique exploits some fundamentals weaknesses of Active Script and will not be easy to fix the root cause.