Adobe has issued an out-of-band patch for its Flash player that addresses 19 vulnerabilities, including one zero-day flaw.
In a security advisory, Adobe said that it is “aware of a report that an exploit for CVE-2015-8651 is being used in limited, targeted attacks.”
It described the exploit as an “integer overflow vulnerability that could lead to code execution”.
Qualys CTO Wolfgang Kandek said in a blog post that the update would have been released in January 2016 had it not been for the zero-day, which required out-of-band patching.
“As with all zero-days fixes this one deserves special attention and a quick turnaround,” he said.
Security blogger Brian Krebs used the disclosure of the zero-day to again encourage web users to reconsider Flash use.