The critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 220.127.116.11 and earlier versions for Mac, Windows, Linux, and Chrome OS.
“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe alerted.
Adobe Systems alerted customers to the exploit today, with reports that security patches will be made available within the week:
“Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks. Adobe will address this vulnerability in our monthly security update, which will be available as early as June 16.”
Because the vulnerability exists in current Flash Player versions, it’s best to disable Flash Player right now and keep it disabled until an update with security patches is available.
Remember that the only safe place to get your Adobe Flash Player update is from Adobe itself. If you are uncertain, read our guide on how to tell if an Adobe Flash update is legitimate.
Stay tuned for upcoming Adobe Flash security updates later this week.
Editor's Update: We have received a number of requests for help uninstalling Flash Player. See Adobe's official guide to uninstall Flash Player on Macs (on that page, there are additional links for help uninstalling Flash on Windows and other platforms).
If you prefer to simply disable Flash Player until the next update is available, open Safari and go to Preferences > Security. Under Internet Plug-ins, click the "Plug-in Settings" button, and then uncheck Adobe Flash Player.