A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. This vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.
Adobe expects to release an update for Flash Player during the week of February 2; i.e., later this week.
http://helpx.adobe.com/security/products/flash-player/apsa15-02.html
------------------------
With acknowledgements to "Puppy" for posting at Lenovo, and to Corrine for posting at Landzdown.