Adobe is preparing a patch for a Flash Player Zero Day that has been undergoing active exploitation by attackers.
According to the company, the critical flaw, identified as CVE-2016-1019, exists in Flash Player 126.96.36.199 and earlier versions for Windows, Mac, Linux and Chrome OS.
Flash Player 188.8.131.52, a version released in March, introduces a mitigation that prevents attackers from exploiting the vulnerability. Adobe said attacks involving CVE-2016-1019 launched against systems running Windows XP and Windows 7 with Flash 184.108.40.2066 and earlier.
The vendor said it will release a patch for this Zero Day shortly. In the meantime, users should make sure their Flash installation ends up updated to version 220.127.116.11 or later.
Adobe has credited Kafeine of Proofpoint, Genwei Jiang of FireEye, and Clement Lecigne of Google for reporting the issue.
This will be the third Flash Player update issued by Adobe this year.