Adobe has issued patches for 21 serious flaws in its Flash Player software to address critical vulnerabilities that could potentially allow attackers to take control of victims' systems.
The vulnerabilities affect versions of Flash for Microsoft Windows, Apple OS X and iOS, Linux and Google's ChromeOS operating systems, Adobe said.
Of the vulnerabilities, three allow arbitrary code execution through integer overflows, and 11 involve use-after-free flaws.
Researchers from Google's Project Zero, HP Enterprise Zero Day Initiative, NSFOCUS, Microsoft, Kaspersky, Tencent and Venustech also discovered a heap underflow vulnerability in Adobe Flash and eight memory corruption bugs - all of which allow attackers to run code remotely.
Microsoft rates the vulnerabilities as critical, affecting 32 and 64 bit versions of Windows 8.1, Windows RT 8.1, and Windows 10.
Windows Server 2012 and Server 2012 R2 are also affected, but due to the less liberal permissions of the operating systems, the chances of attackers being able to run arbitrary code remotely is only rated as moderate by Microsoft.
Users are advised to update Adobe Flash Desktop Runtime for Microsoft Windows and Apple OS X to version 220.127.116.11; the Flash Player Extended Support Release should be updated to 18.104.22.1683.
Versions of Flash Player built into the Google Chrome, Microsoft Edge and Internet Explorer will be updated automatically.