Adobe has issued an emergency patch for its Flash media player that closes loopholes in the widely used software.
In its security advisory, Adobe said one of the bugs was being actively exploited in a "limited number of targeted attacks".
In total, the patch closes 23 separate security bugs in the Flash player.
Attackers abusing the security holes would be able to take over a computer to steal useful data or spy on the machine's owner.
The update urges people to apply the patch as soon as possible because many of the problems are rated as critical - the highest level.
The holes are found in Flash as well as versions of other Adobe programs used on many different platforms and devices. At risk devices include Windows machines, Macs and Linux computers as well as phones running Android and iOS.
Adobe was alerted to the problems with its Flash player by many different security researchers including experts at Google, Microsoft, Kaspersky Labs and Alibaba.
Many security firms now recommend that people uninstall the Flash player to avoid falling victim to malicious attachments or booby-trapped webpages. A lot of web firms have now stopped using Flash in a bid to thwart attackers.
Several other companies issued big security patches this week. Firefox's update closed 40 separate vulnerabilities, more than half of which were rated as critical.
In addition, Google issued an update for Chrome that, among other things, closed three security holes rated as "high" severity. It paid bug bounties totalling $13,000 (£9,000) to the two researchers who uncovered the loopholes.
On Tuesday, Microsoft issued its regular monthly security update that tackled 13 problems in several different programs including the Internet Explorer and Edge browsers.