Adobe has rushed out a patch to fix vulnerabilities in Flash Player including one actively exploited.
The Flash update (10.3.183.7) and earlier versions for Windows, Macintosh, Linux and Solaris have received several fixes.
The zero-day bug enabled cross-site scripting attacks and was exploited in phishing emails, Adobe said.
The patches included a fix for Flash (10.3.186.6) for Android, and others for vulnerabilities rated critical which could have allowed a full system take over.
Google also patched the Flash Player flaw in its Chrome browser.