Given the nastiness of this attack (a fully interactive client-side backdoor!), the non-trivial nature of the algorithms and coding theory required, and the slow uptake of Flash patches especially in enterprise [1], this seems like downright irresponsible disclosure to share such a detailed post (with a repository and detailed instructions for script kiddies!) so quickly after notifying companies. I can understand all too well how excited the researcher must have been to discover this and share it with the world, but jeez: wait until the Flash patch hits an inflection point on the adoption curve at least!

[1] http://krebsonsecurity.com/2014/05/the-mad-mad-dash-to-update-flash/#more-25957