Adobe today released a new Flash Player in the 22.214.171.124 version that corrects a critical security flaw discovered by two Google researchers. The defect is used in attacks against Windows users.
The technical description of the vulnerability is "use-after-free vulnerability that could lead to arbitrary code execution", and Adobe encoded it with the ID CVE-2.016-7855.
Researchers Neel Mehta and Billy Leonard from Google's threat analysis team reported that CVE-2016-7855's vulnerability appears to be used in limited, targeted attacks, especially by cyber-espionage groups.
Adobe Flash is embedded in the Edge browser and recent versions of IE, so the next Windows security update will also update Flash automatically. Chrome also has built-in Flash and a Chrome update to its latest version will fix the problem.
Users of other browsers should download the update and install it. The same applies to Linux and Mac users.
At the moment, neither Google nor Microsoft has released security bulletins that fix the problem, but because of the severity of the vulnerability, we will probably hear news very soon.