According to TrendMicro this vulnerability exists in all versions up to 18.0.0.204 and there is no patch for it yet. Adobe has stated that they expect to have a fix for the flaw this week. This new bug comes on the heels of a bug that was found in the Neutrino exploit kit. The first bug was just patched a few days ago and was found in some of the leaked data from the Hacking Team breach. Hacking Team develops and sells malware/spyware to countries and law enforcement.
The breach, which claimed 400GB of sensitive data including source code, was found to be the result of weak passwords. It is something of a joke that a security firm would have weak passwords protecting sensitive data, but we have seen worse cases of bad security behavior in the past. As we wrote a few days ago we expect to hear about more “fun” things in the data stolen from the Hacking Team in the coming days and would not be surprised at all to hear about a few more exploits. After all, one of the things that these companies do is discover flaws in operating systems and applications so their software can do its job…
It is going to get ugly so stay safe out there.