A recent Adobe security bulletin indicates that all versions of Adobe Flash for Android have a "zero-day exploit" critical vulnerability. From what the report shares, the vulnerability is a Microsoft word document email attachment with an embedded flash file. When the flash code is executed the hacker can run malicious code on the affected device. Adobe is keenly aware of the issue, (obviously because they reported it), and are working on a fix.
Source: Android.net via AndroidPolice and Adobe Security Bulletin