Adobe Flash Player once again has become a target as the recently patched zero-day exploit that was discovered and patched has become a part of several exploit kits (EK), Malwarebytes researchers reported.
The company said in a blog post that the Angler and Nuclear EKs now include CVE-2015-7645, which was patched by Adobe on 16 October. It affects Flash up to version 18.104.22.168.
Malwarebytes said users should disable or remove the Flash Player in order to completely avoid becoming a victim. But those who choose to keep it should make sure to only use the most recent version and to upload an exploit mitigation tool to remain safe.
Adobe said it is aware that one of the vulnerabilities – CVE-2015-7645, the bug reported by Trend Micro – is being used in “limited, targeted attacks” mainly against national foreign ministry offices.