So it's confirmed: the Adobe Flash vulnerability revealed in the Hacking Team hack is out in the wild being used, and there's no patch yet. Flash users beware!
Two sources, Malwarebytes and Malware Don't Need Coffee, have documented updates to the Neutrino exploit kit and Angler exploit kit, respectively. Both kits, which are installed on compromised websites by criminals to infect passing web surfers, now exploit the new Flash bug to execute malicious code on victims' computers.
Malwarebytes, which had already warned the exploit would be weaponised quickly, notes: “This is one of the fastest documented case of an immediate weaponisation in the wild, possibly thanks to the detailed instructions left by Hacking Team.”
The company shows the exploit working in Firefox:
Malwarebytes' demonstration of the Neutrino exploit kit in action
Don't Need Coffee corroborates, showing the Angler exploit kit “successfully exploiting IE11, win7 x64 Flash 184.108.40.206”.
Malware Don't Need Coffee - Angler exploit kit demonstration
The emergence of the live exploits came to this scribe's attention via @SwiftOnSecurity:
TRANSLATION: Worst-case scenario is now in play - HT Flash 0day with NO patch is now being used to deliver Cryptolockers via exploit kits— InfoSec Taylor (@SwiftOnSecurity) July 8, 2015
Adobe expects its fix to land on July 8. ®