On March 10 Adobe released an out-of-band update for their Flash Player that addresses a vulnerability (CVE-2016-1010) actively exploited in targeted attacks. APSB16-08 addresses also another 22 vulnerabilities. A successful exploit of this vulnerability gives the attacker Remote Code Execution on the target machine. Attack vector includes malicious websites set up for the purpose of attack using Search Engine Poisoning, “normal” websites that have been hacked and are under the control of the attacker, and e-mailed documents (Word, PDF) that include a malicious Flash component.
https://vimeo.com/162608234