A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. The vulnerability allows an attacker to send booby-trapped content to a browser’s Flash plug-in that may cause the browser to crash, and will also hand over control to the hacker in the process. This type of exploit is known as Remote Code Execution (RCE) or drive-by-download or drive-by-install and is a common method of malware installation.
Adobe recommends users update their installs to the newest version. Please see the following for more information on affected versions and solutions:
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
It is recommended that Flash is kept up to date and that users utilize their browser’s click-to-play function (a/k/a ask to activate), so Flash content does not run without a user realizing it. For more information on how to activate this for your browser(s), please see:
https://www.grahamcluley.com/2015/06/enable-click-play-adobe-flash/
To read the Adobe Security Advisory, please see:
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html