Adobe is preparing a patch for a Flash Player Zero Day that has been undergoing active exploitation by attackers.
According to the company, the critical flaw, identified as CVE-2016-1019, exists in Flash Player 18.104.22.168 and earlier versions for Windows, Mac, Linux and Chrome OS.
Flash Player 22.214.171.124, a version released in March, introduces a mitigation that prevents attackers from exploiting the vulnerability. Adobe said attacks involving CVE-2016-1019 launched against systems running Windows XP and Windows 7 with Flash 126.96.36.1996 and earlier.
The vendor said it will release a patch for this Zero Day shortly. In the meantime, users should make sure their Flash installation ends up updated to version 188.8.131.52 or later.
Adobe has credited Kafeine of Proofpoint, Genwei Jiang of FireEye, and Clement Lecigne of Google for reporting the issue.
This will be the third Flash Player update issued by Adobe this year.