A new zero-day vulnerability has been discovered in Adobe Flash. Security researcher Kafeine reports that this vulnerability is currently being exploited in the wild.
The term zero-day refers to an unknown vulnerability or an exploit in a software program that the developer of the software is newly aware of, and has not had the time to address and patch. Zero-days are particularly troublesome because they often present an open window during which cybercriminals can operate unchallenged. Because of this, zero-days are prized by cybercriminals who have knowledge of them and are used for as long and as quietly as possible.
In this case, the zero-day vulnerability was found in Adobe Flash, a widely distributed software application. Just as troubling, working exploits used to take advantage of this vulnerability were discovered in the Angler Exploit Kit, which is one of many tools sold on the underground market that help criminals commit cybercrime.
The Angler Exploit Kit uses this zero-day vulnerability in Adobe Flash to install malware onto a computer, and it targets the latest version of Adobe Flash (version 16.0.0.287). Simply visiting a compromised website can install malware onto a machine via the exploit. There is no action needed on the user's part to become infected. While Adobe is aware of this newly discovered vulnerability, they have not issued a security advisory for it.
The exploit has already been used in a drive-by download campaign that attempts to deliver malware to the victim's computer through malicious advertising (malvertising). The malicious adverts redirected visitors through a series of sites that eventually led to the exploit code.
Does This Vulnerability Affect Me?
Norton experts say that it’s important that users remain alert to stay protected from this vulnerability, as it targets the current version of Adobe Flash, which is widely used. Symantec considers this a severe incident, as it has the potential to affect a large number of users.
Testing performed by Kafeine concludes that the following products are affected:
- Internet Explorer versions 6 through 10
- Windows XP (Internet Explorer versions 6-8)
- Windows 7 (Internet Explorer version 8)
- Windows 8 (Internet Explorer version 10)
- Firefox browser
Fully patched versions of Windows 8.1 and the Google Chrome browser do not appear to be affected at this time.
How Do I Stay Protected?
Prior to the vulnerability's disclosure, Symantec products were already blocking versions of the Angler exploit kit known to be attempting to exploit this vulnerability. We can also confirm that the latest versions of Norton products protect against the Shockwave Flash (SWF) file being used in the attack, which is detected as Trojan.Swifi. However, more research is still being conducted on the vulnerability by Symantec's Security Response team.
Web browser technology can accommodate additional functionality through third-party plugins and extensions. Just like any software, these plugins can contain vulnerabilities that can be exploited. As a best practice, we recommend that users reduce their exposure to vulnerabilities by turning off any plugins or extensions that they do not use on a regular basis.
Please note that this is a developing story. We will continue to update this story as our Norton security research teams learn more.
UPDATE: Adobe has released a patch for this vulnerability. To learn how to update your Flash Player, go here.