Security researchers have advised users of Adobe's Flash Player to disable the software temporarily, as yet another remotely exploitable vulnerability is being actively attacked by would-be hackers.
The bug has the potential to allow attackers to take full control of users' computers without their interaction.
Recently-released Flash Player versions 220.127.116.116 for Microsoft Windows and Apple OS X are vulnerable to the CVE-2015-0313 vulnerability, which Adobe rates as critical. Versions 18.104.22.1684 and earlier are also vulnerable, along with Flash Player 22.214.171.1240 and earlier for Linux.
Security vendor Trend Micro is credited with discovering the new zero-day vulnerability alongside two Microsoft researchers.
The company said CVE-2015-0313 is being actively exploited in drive-by attacks delivered via malicious advertisements, believed to have been executed through the Angler Exploit Kit.
"Malvertisements" on popular websites redirect visitors to a series of other sites, finally landing at a Russian-registered domain that attempts to deliver the payload that executes the exploit.
Trend Micro said it has already counted over 3000 hits related to CVE-2015-0313, suggesting the vulnerability is being widely used by attackers.
Neither the security vendor nor Adobe have yet published a full analysis of the new zero-day, which is the third to strike the popular Flash Player software in a month.