Updating to Flash version 18.104.22.168 for Windows, Macintosh and Linux closes an "object confusion" vulnerability that, if exploited, could cause an application crash or, worse, lead to the takeover of a system, according to a bulletin.
Adversaries currently are delivering emails containing the exploit as part of an attachment. Right now, only users of Internet Explorer for Windows are being hit.
Flash for Android-based mobile devices also have been updated. If the software is installed on Google's Chrome browser, it automatically was updated so users don't need to take any action.
Users are advised to patch as soon as possible.