I. Summary
Adobe Flash Player is prone to a vulnerability which leads to Use-After-Free.
II. Description
If the variable parameter of a TextField instance equals to a getter property associated with swfRoot where the getter method includes a call to removeTextField(), the TextField instance is used after it is freed.
III. Impact
Use-After-Free
IV. Credit
Wen Guanxing from Venustech ADLAB is credited for this vulnerability.
It has been assigned by Adobe as CVE-2016-0990
https://helpx.adobe.com/security/products/flash-player/apsb16-08.html