Recent threat analyses of more than 100 exploit kits and known vulnerabilities found Adobe Flash Player to be the most commonly exploited product. According to the report by Recorded Future, that software provided eight of the top 10 vulnerabilities used by exploit kits in 2015.
The exploit kits represent malware software or crimeware as a service. Users pay per installation of the malware, and push the exploitations through compromised sites or malicious third-party advertising. When victims load the web page or follow a bad link, the exploit code is launched and possibly downloaded.
Flash Flaws Most Common in Exploit Kits: Report
8 of top 10 vulnerabilities used by exploit kits target Adobe Flash Player