Update: Adobe have now confirmed the vulnerability.

“A critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player 16.0.0.287 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8 and below.

Adobe expects to have a patch available for CVE-2015-0311 during the week of January 26. “

Security researcher Kafeine has discovered an unconfirmed Adobe Flash Player zero-day vulnerability.

Although Adobe has not confirmed the vulnerability, Symantec has carried out an analysis, which “confirms that we have coverage for the SWF file being used in the attack as: Trojan.Swifi”.

More details of this vulnerability will be posted once available.