Adobe announced a new zero-day exploit for Flash Player is making the rounds, the third such issue this year. Users are advised to deactive Flash Player until a patch arrives sometime this week.
One of the dangers of the new CVE-2015-0313 vulnerability is that it can be taken advantage of using the Angler Exploit kit, a popular hacking kit. The developers of Angler are rumored to be actively working on discovering fresh bugs in Flash, enabling them to incorporate exploits into Angler before the bugs are publicized.
A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 126.96.36.1996 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. Adobe expects to release an update for Flash Player during the week of February 2.