Researchers have identified exploits for two new Adobe Flash Player zero-day vulnerabilities in the Hacking Team leak. Adobe has promised to patch the newly discovered bugs sometime this week.
Last week, several security firms reported finding zero-day exploits for Flash Player (CVE-2015-5119) and Microsoft Windows vulnerabilities in the 400GB of data stolen by hackers from the systems of Italy-based spyware maker Hacking Team. Shortly after Adobe released an update to address the Flash Player bug, researchers reported finding two additional Flash exploits in the leaked data.
Both of these vulnerabilities affect Flash Player 188.8.131.52 and earlier, and they allow a remote, unauthenticated attacker to execute arbitrary code on affected systems.
Everyone with Flash installed should remove or disable the software until the critical security bugs are patched, or at least enable "click to play" in their browsers so that you know exactly what you're running on your system rather than letting websites play malicious Flash files silently in the background without warning or permission.