Adobe fixes a zero-day vulnerability exploited in live attacks. The vulnerability, CVE-2017-11292, is a “type confusion”” that leads to remote code execution. The issue affects Flash Player 27.0.159 on Windows
Source: and Chrome OS. Kaspersky Lab researchers say the vulnerability was found in campaigns carried out by BlackOasis