This talk will introduce Use-After-Use-After-Free (UAUAF), a novel and relatively universal exploitation technique for UAF vulnerabilities in Adobe Flash. By leveraging a sequence of object occupations and releases, UAUAF can transform a UAF into a multi-class type confusion. Full memory access is gained upon the mitigations recently added by Adobe. More importantly, this talk will illustrate UAUAF by CVE-2016-1097, a real UAF 0day that I reported to Adobe in May. Exploitation process, i.e., from discovering the 0day, gaining full memory access, chaining ROP gadgets, to the final code execution will be presented in detail.