Adobe released an out-of-band patch for its Flash Player that corrects a zero-day vulnerability being exploited in the wild in watering hole attacks against defense and public policy websites. The vulnerability enables someone to remotely overwrite the vftable pointer of a Flash object to redirect code execution. The attack targets Windows XP users, as well as Windows 7 users running an unsupported version of Java (1.6) or out of date versions of Microsoft Office 2007 or 2010. Upgrading to the latest versions of Java or Office will mitigate the threat, but not patch the underlying vulnerability.
Source: https://threatpost.com/emergency-adobe-flash-update-handles-zero-day-under-attack/104387/