Maybe the Flash developers didn’t make the deadline for Patch Tuesday, so they felt left out. Anyway, according to a security advisory published today, Adobe is working on an emergency update for Flash, to address one specific vulnerability, CVE-2016-4117.

That vulnerability is so new, it doesn’t appear in the vulnerability databases. Adobe refers to it as critical, and indeed, exploits have already been observed in the wild (which makes this a good example of a zero-day vulnerability). Adobe expects to publish a new version of Flash that addresses this vulnerability as early as May 12.

Interestingly, the advisory states that the vulnerability exists in Adobe Flash Player 21.0.0.226 and earlier, while the most recent published versions are 21.0.0.213 and 21.0.0.216. Now I’m thinking that Adobe delayed the Flash update scheduled for Patch Tuesday (which presumably would have been version 21.0.0.226) to give them time to fix CVE-2016-4117.