Twitter has since addressed the issue, Spagnuolo said in an update to his blog post.
Adobe's update strengthened Flash Player's handling of the kind of malformed .swf files that Rosetta Flash creates. "These updates include additional validation checks to ensure that Flash Player rejects malicious content from vulnerable JSONP callback APIs (CVE-2014-4671)," Adobe said in its security bulletin today.
Spagnuolo also provided steps that website owners can take to block or hinder exploits.
Users running browsers that do not automatically update to the latest version of Flash should download and install the appropriate extension version from Adobe's website. Microsoft updated IE10 and IE11 -- browsers that run on Windows 7, Windows 8 and Windows 8.1 -- and Google pushed the new Flash to Chrome for Windows and OS X via its "component update system," a secondary service that delivers very small updates to only parts of Chrome.
"This issue is definitely in the wild with public exploit code," warned Ross Barrett, senior manager of security engineering at Rapid7, in an email. "Flash users should patch immediately."