Feedback from the Trend Micro™ Smart Protection Network™ has allowed us to learn that the Angler Exploit Kit and Nuclear Exploit Pack have been updated to include the recent Hacking Team Flash zero-day. In addition, Kafeine said, Neutrino Exploit Kit also has included this zero-day.
The existence of this particular vulnerability was just leaked from Hacking Team; Adobe has confirmed this vulnerability and released an advisory. This advisory also confirms that this flaw has been assigned a CVE number, CVE-2015-5119. Adobe’s bulletin also confirms that all versions of Flash Player in use today are potentially vulnerable.
All Flash Player users are at risk until they can download the patch. It is expected that a patch will be delivered by Adobe sometime on July 8. We noted earlier this month that Flash Player was being targeted more frequently by exploit kits, and that pattern shows no sign of changing soon.