Adobe has released an update for all flavours of its media mangler Flash Player which plugs a hole which could allow cross-site scripting (XSS) attacks.
Flash Player versions up to and including 103.181.16 for Windows, Mac, Linux and Solaris are all vulnerable to attacks embedded in maliciously-crafted web sites - and examples have been seen in the wild. As such, anyone using Flash Player should upgrade as a matter of urgency. You'll find the relevant update here.
The company says it is working on updates for Android versions of the media player software, and that something will be announced later this week.