Update: 2/3: Adobe has found yet another zero-day vulnerability in Flash:
A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 220.127.116.116 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.
Update 1/27: Adobe has fixed another zero-day exploit in Flash. Click here to find out how to download or update the program.
Adobe released a patch for an exploit in Adobe Flash today. You need to get this update right now, because the security hole is being used in active attacks.
The vulnerability was exploited by hackers using commercially distributed "exploit kits." An exploit kit is an automated program that allows anyone to hack a website with this specific vulnerability. Hackers with an exploit kit don't need any technical know-how. All they have to do is buy a tool that does it for them.
Users who combined an old version of Flash with Microsoft Windows were vulnerable to anyone who paid for The Angler Exploit Kit.
While updating your Flash Player will protect you from this vulnerability, there's another zero-day exploit in Flash that hasn't yet been fixed.
If I had one thing to say about Adobe, it's that the company is honest. In a blog post about the latest Flash update, the company also revealed that it was aware of another exploit that hasn't yet been fixed.
Adobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player. Additionally, we are investigating reports that a separate exploit for Flash Player 18.104.22.1687 and earlier also exists in the wild.
Not sure if your Flash Player patches automatically? Click here to find out how to update or download Flash. Even if you do update your Flash Player, then you might still be vulnerable to the exploit that Adobe hasn't patched yet.