Permits in the same profile and only profile on the user:

Rule#1 --> DSN(+.+..++++.+ABCD+.++.A1234567) ACCESS(NONE)
Rule#2 --> DSN(+.+.ABCD.MP++.++.++.) ACCESS(UPDATE)

If this is passed in the RACROUTE #.#.ABCD.MP01.NY.AP.A1234567

Which rule will be used if the requested access level is UPDATE? 

The longer PERMIT that matches will be used.

In the example you gave, the first PERMIT is more specific.

Rule#1 --> DSN(+.+.CACCT.++++.++.++.A123467S(NONE)
Rule#2 --> DSN(+.+.CACCT.MP++.++.++.A12) ACCESS(UPDATE)

Please see Top Secret section "How the Algorithm Determines Best Fit"