Another Flash zero-day exploit has emerged from the hundreds of gigabytes of data recently leaked from Hacking Team, an Italian surveillance software company that has long been accused of selling spying software to governments and intelligence agencies.
The critical zero-day vulnerability in Adobe Flash is a use-after-free programming flaw (CVE-2015-5122) that is similar to the CVE-2015-5119 Flash vulnerability patched last week and allows an attacker to hijack vulnerable computers.
Adobe says cyber criminals are apparently already exploiting this vulnerability, for which no patch exists yet. This is the second time in a single week that the company is working on a fix for a zero-day vulnerability in its Flash Player software.
Flash Zero-Day Flaw in the Wild
Exploit code for this flaw is already available online, allowing an attacker to remotely execute malicious code on victims' computers and install malware, Adobe said in an advisory published late Friday.
"Successful exploitation [of CVE-2015-5122 flaw] could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said.
The zero-day vulnerability is present in the latest Adobe Flash Player version 18.0.0.204 and earlier versions for Windows, Linux and OS X.
Adobe credited FireEye researcher Dhanesh Kizhakkinan for reporting the vulnerability documented in stolen data leaked from Hacking Team.
Therefore, once again we advise everyone with Flash installed to remove or disable the software until the company patches the critical security bug.