Posted: July 7, 2015 by

Last updated:

After only one day, cyber criminals have already integrated the latest and currently unpatched Flash Player zero-day.

Update (07/08/15): Adobe has released a fix with version 18.0.0.203. Please update ASAP.

The Neutrino exploit kit is using a Flash zero-day which is still unpatched as we write this.

We first discovered the Flash zero-day hit at 3 PM PT and we believe it is the same as the one revealed in the Hacking Team hack, which we blogged about earlier today.

This is one of the fastest documented case of an immediate weaponization in the wild, possibly thanks to the detailed instructions left by Hacking Team.

The exploit also works in Firefox (latest version):

Only a few minutes later, Angler EK began firing the new zero-day (this was also reported by other sources):

Malwarebytes Anti-Exploit users were already protected against this attack.