An unconfirmed Adobe Flash Player zero-day vulnerability was discovered yesterday by security researcher Kafeine. The zero-day is reported to affect the latest versions of Adobe Flash Player and has been seen in some versions of the Angler exploit kit. Initial reports indicate that Internet Explorer versions 6 to 10 running on Windows XP, Windows 7, and Windows 8 are affected. Fully patched versions of Windows 8.1 and Google Chrome browsers appear to be unaffected.
Symantec regards this vulnerability as critical because Adobe Flash Player is widely used and the flaw allows an attacker to effectively compromise a host, which then allows for the unauthorized installation of malware.
Adobe has not confirmed the existence of this vulnerability, and has not issued a security advisory.