Adobe announced today an emergency update only that will be released on Thursday June 16th. The upcoming patch will set a zero-day (where else?) to Flash Player, who are currently using it for targeted attacks.
According to Anton Ivanov and Kaspersky's Costin Raiu, vulnerability is already being used in targeted attacks.
The vulnerability identifier registered for this zero-day is CVE-2016-4171, and Adobe reports that it affects both Flash Player 21.0.0.242 and earlier versions running on Windows, Macintosh, Linux and Chrome OS.
Flash Player 21.0.0.242 is the latest version of the company. This means that zero-day affects all Flash-based systems.
The vulnerability allows an attacker to crash an installation of Flash Layerer with a non- safe way something that then allows it to run malicious code on system of the victim and take over his management.
If you are using Flash Player, immediately disable the application, or plugin, until at least the Adobe ch patch is released…