Anyone who uses a web browser with Flash enabled should stop what they’re doing and install the latest Flash update from Adobe. The new version (18.0.0.194) was announced earlier today to address a critical vulnerability for which exploits have been observed in the wild.

Note that YouTube no longer uses Flash by default, so if you previously only used Flash for YouTube, you might be able to completely disable it in your browser. YouTube now uses a video player based on HTML5 technology.

Internet Explorer on Windows 8.x and Google Chrome will receive the new version of Flash via their own update mechanisms.

Brian Krebs has additional details on the vulnerability and the update. Krebs also recently wrote about his recent experiment in trying to live without Flash.

Update 2015Jul01: And just like that, the Cryptowall malware has been modified to take advantage of this vulnerability in unpatched Flash installations.

The latest Flash release from Adobe is version 18.0.0.160. According to the associated security bulletin, this update addresses at least thirteen security vulnerabilities.

Several other bugs, unrelated to security, were also resolved. See the release announcement and release notes for details.

The new version also includes a somewhat streamlined installation process: users will no longer be prompted to restart their browser after Flash installation. The previous version will continue to function until the browser is restarted.

As usual, Chrome will be automatically updated to use the new Flash, and Internet Explorer 10 and 11 on recent versions of Windows will get the new Flash via Windows Update.

A new version of Flash was announced by Adobe yesterday. Flash 17.0.0.134 addresses at least eleven critical security vulnerabilities.

Anyone who uses a web browser with Flash enabled should install this update as soon as possible. That includes anyone who ever looks at any videos on Youtube.

Internet Explorer 10 and up will receive this Flash update via Windows Update, and Google Chrome will update itself.

Update 2015Mar27: That didn’t take long. At least one popular exploit kit (aka ‘set of hacking tools’) now includes a pre-packaged attack that targets one of the vulnerabilities fixed in Flash 17.0.0.134. If you use Flash, and you’re not in the habit of updating it, you should either stop using Flash or keep it up to date.

To their credit, Adobe is reacting swiftly to the recent outbreak of critical vulnerabilities in Flash. They just released another new version (16.0.0.305) to address vulnerability CVE-2015-0313, which is being actively exploited on the Internet.

Anyone using Flash, especially in a web browser, should install the new version as soon as possible.

Internet Explorer for Windows 8.x and Google Chrome will see related updates in the very near future.

Update 2015Feb07: Ars Technica: As Flash 0day exploits reach new level of meanness, what are users to do?

Adobe has updated the bulletin related to the CVE-2015-311 vulnerability in Flash. Apparently a new version of Flash (16.0.0.296) has been released to address the bug.

Initially, the new version was not available from the main Flash download page, although computers with Flash’s automatic update feature enabled did download and install it. As of January 27, the new version is available on the Flash download page.

Anyone using a web browser with Flash enabled should install the new version as soon as possible.

Ars Technica has additional details.

Update 2015Jan28: Adobe has issued another security bulletin for this update.

Update 2015Jan30: Flash 16.0.0.296 also addresses the vulnerability CVE-2015-312.