Adobe has released Adobe Flash Player 11.6.602.171 to address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash (SWF) content. The exploit for CVE-2013-0643 and CVE-2013-0648 is designed to target the Firefox browser.
Adobe recommends users update their product installations to Adobe Flash Player 11.6.602.171. More information in APSB13-08.
As of version 11.3 Adobe has two different MSI packages available for download. One MSI (full_flashplayer_win_msi) is targeted for Internet Explorer users. The another (full_flashplayer_win_pl_msi) is targeted for Pluged-in based browsers like Firefox. These can be downloaded from the Adobe Flash Player download page here or by using these links:
The 'Adobe Flash Player Administration Guide for Flash Player 11.5' describes the administration of Flash Player 11.5 (the link to the 11.6 guide has not been made available yet). How it's installed, how it works, and how you can control it to suit the needs of a specific network environment. This document is intended for IT or administrative professionals who manage the installation or use of Flash Player for multiple users in a controlled environment. The Adobe Flash Player Administration Guide contains chapters which cover the Flash Player environment, installation of the Player, Administrator settings, User-configured settings and Security considerations. You can download it here or the 'Adobe Flash Player Administration Guide for Microsoft Windows 8' here.
It also contains information about a configuration file called mms.cfg with which can you switch off the AutoUpdate feature. The mms.cfg can be added to a transform file for this MSI and then be included in the installation: