
Adobe Issues Out-of-Band Security Patch to Flash

Adobe has issued new critical updates to Flash to patch numerous security flaws, some of which are already being exploited in the wild.

One vulnerability (CVE-2015-8651) has been reported as being used “in limited, targeted attacks”, according to Adobe.

A PC or Mac running Adobe Flash Player can be compromised simply by visiting a webpage that contains a malicious embedded Flash media element, unless it is fully patched with this security update.

Everyone should immediately upgrade all installations of Adobe Flash Player (whether on Windows, OS X, Linux or Chrome OS). Although Adobe normally releases security patches on the second Tuesday of each month (dubbed “Patch Tuesday”), it has decided that the severity of this vulnerability warrants an out-of-band emergency update.

This critical security update can be downloaded directly from Adobe at http://www.adobe.com/go/getflash. If you use multiple browsers, be sure to perform the update for each browser you have installed on your system.

Overall there are 19 security flaws that are patched in the emergency APSB16-01 update:

  • A type confusion vulnerability that could lead to code execution (CVE-2015-8644).
  • An integer overflow vulnerability that could lead to code execution (CVE-2015-8651).
  • Use-after-free vulnerabilities that could lead to code execution (CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650).
  • Memory corruption vulnerabilities that could lead to code execution (CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645).

It is further recommended that you enable click-to-play for Flash in your browser as a mitigation against future security bugs in Adobe Flash. Instructions on how to enable this function for all web browsers can be found here.
