<p>Symantec has confirmed the existence of a new zero-day vulnerability in Adobe Flash which could allow attackers to remotely execute code on a targeted computer. Since details of the vulnerability are now publicly available, it is likely attackers will move quickly to exploit it before a patch is issued.<br><br>Details of the vulnerability surfaced following a cyberattack against the controversial Italian hackers-for-hire firm Hacking Team. Proof-of-concept code exploiting the vulnerability was part of a large cache of internal information leaked by the attackers. Given the source of the proof-of-concept code, it is possible that this vulnerability has already been exploited in the wild. Following its disclosure, it can be expected that groups of attackers will rush to incorporate it into exploit kits before a patch is published by Adobe.<br><br>Symantec confirmed the vulnerability by replicating the proof-of-concept exploit on the most recent, fully patched version of Adobe Flash (18.0.0.194) with Internet Explorer. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected computer.<br><br>Symantec regards this vulnerability as critical since it could allow attackers to remotely run code on an affected computer, effectively allowing them to take control of it.<br><br>Adobe has issued a security advisory to address this critical vulnerability (CVE-2015-5119), and confirmed it has been identified in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux. Adobe added that it is aware of reports that an exploit targeting this vulnerability has been published publicly. Adobe expects to make updates available on 8 July 2015.</p>