The zero-day flaw is part of a popular exploit kit and is used by cybercriminals to infect systems with ransomware. Infection is possible just by visiting a website running a Flash file so updating is a high priority. Some browsers like Chrome and Edge update flash automatically, while in other cases you need to do it manually.
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier. Please refer to APSA16-01 for details.