A zero day Flash vulnerability is being exploited by cyber criminals using the Angler exploit kit.
With an added Adobe zero day, the Angler operators just showed how serious they are about becoming the de facto kit for online crime. There’s still plenty of competition from kits, including Fiesta, Sweet Orange and Goon (popular in China).
Adobe are currently investigating the report by malware researcher named Kafeine, who discovered the exploit kit on cybercrime forums. The vulnerabilities currently affect Flash Player versions up to 220.127.116.11 and the latest 18.104.22.1687.
Users of Windows 8.1 are safe, as well as those using Google Chrome due to it's sandboxing element.
Those using other Windows platforms with Internet Explorer versions 10 and below, and other Mozilla Firefox versions, have been confirmed as vulnerable to the exploit.
On unprotected machines, the Angler Exploit Kit will install Bedep, a distribution botnet that can load multiple payloads on the infected host. More tests are currently being conducted by Kafeine, Adobe and other malware researchers such as MalwareBytes' Jerome Segura (@jeromesegura).