Recently, awareness of zero-day vulnerabilities for Adobe Flash Player surfaced.
Sources indicate that at least one vulnerability is actively being exploited in the wild. Successful exploitation of either vulnerability can result in remote code execution.
Adobe states that all previously released versions (18.104.22.168 and older) of Adobe Flash are affected, including those bundled with Adobe AIR.
Immediately update Adobe Flash Player to 22.214.171.124 (Win and Mac); and 126.96.36.1991 (Linux).
Immediately update AIR Desktop Runtime to 188.8.131.52.
More version information can be found here.
Note: Windows devices which are configured to use IU's Microsoft Update Service will automatically receive updates relating to this vulnerability.
After a reasonable amount of time, users who continue to run vulnerable versions of Flash or AIR will be directly notified via email.
To help mitigate potential future threats, enable Click-to-Play for the Adobe Flash Player add-on.