Two critical flaws in Adobe Flash Player were found this past Friday (July 10), and Adobe can promise only that it will patch the vulnerabilities sometime this week. Until then, it's best to disable Flash Player in all desktop Web browsers.
The previously unknown flaws were in files stolen from Hacking Team, an Italian company that sells digital surveillance tools to governments worldwide, and posted online July 5. In an advisory posted Friday, Adobe said it "expects" to provide patches for the vulnerabilities "during the week of July 12, 2015."
Even after these flaws are patched, Adobe Flash Player will still be a huge security risk. Alex Stamos, head of security at Facebook, yesterday urged that "Adobe ... announce the end-of-life date for Flash," adding that browsers should disable Flash at the same time.
To heed Stamos' advice, you may want to leave Flash permanently disabled, although you won't be able to view many animations and, well, animated ads. A less drastic solution is to set Flash to "click to run"; any Flash animation that wants to run will need your permission first. To set click-to-run, follow the steps detailed on this page.