Researchers at FireEye have uncovered another zero day Flash exploit from within the ruins of the Hacking Team data dump. Adobe says that they will patch it some time this week. Adobe also says that the flaw could cause a crash and potentially allow an attacker to take control of the affected system.
Like the first Flash zero day that was revealed from the Hacking Team data dump, this one includes a well written proof of concept, so assume that the malware writers will jump right on this one like they did the first one.
According to Adobe, the new bug affects the Windows, Linux and Mac OS X versions of Flash.
In addition, there are reports of a third Flash zero day in the Hacking Team dump, so it may well be that Adobe gets to release 3 emergency patches in a week. That would not be a good week for the Flash maker.
This comes at a time when there is a lot of pressure to move away from Flash to HTML 5. Three emergency patches in a week will only strengthen the call for the move.
Information for this post came from Computerworld.