On Wednesday, Adobe released a new version of Flash on Wednesday to address the zero-day vulnerability that was disclosed as part of the Hacking Team attack last weekend.
Unfortunately, our researchers overnight have found another, new unpatched vulnerability affecting Adobe Flash that is a result of the Hacking Team attack.
Our researchers have notified Adobe and they are aware of the situation and are working on a new update to address this vulnerability.
At this time we’ve not seen this new vulnerability added to exploit kits like the other Hacking Team vulnerability has. We have only seen proof-of-concept (PoC) code: that’s code that shows the vulnerability exists but doesn’t actually levy an attack. PoCs are a first step in the process of seeing actual attacks, so this situation could escalate quickly in the next few days.
Until an update is released, you should consider disabling Flash. We will update this blog and our Security Intelligence blog with more information as it develops.