Earlier today, Adobe published a critical security update for the Adobe Flash Player to resolve a zero-day vulnerability that is already being exploited in the wild. The security update resolves CVE-2016-7855, which could allow an attacker to crash the system or execute arbitrary code. Adobe acknowledged reports that an exploit for CVE-2016-7855 is already being used in limited, targeted attacks against users.
If you still have Adobe Flash Player installed either in the form of the desktop runtime or a plugin for your web browser, you should install the security patch as soon as possible. Users should also consider enabling explicit “Click to Play” for Adobe Flash content in their web browsers to prevent automatic exploits of Flash content when visiting compromised sites. Howtogeek.com has a guide available for enabling Click to Play on all major browsers. –Marc Laliberte