Apparently Adobe’s Acrobat is the new favorite vector of attack:
Nearly half of targeted attacks exploit holes in Acrobat Reader, which is used to read PDF (portable document format) files, according to F-Secure. Meanwhile, the number of PDF files used in dangerous Web drive-by attacks jumped from 128 during the first three and a half months of last year to more than 2,300 during that time this year, the company said.
I’m guessing these are targeted attacks, so it’s just a matter of not opening PDFs from people you don’t know, and using something other than Acrobat Reader to read PDFs.
As for the security holes in Flash, turn it off entirely, or use a Flash blocker like ClitckToFlash to minimize exposure.