Malware hunters have spotted a previously unknown — and unpatched — Adobe Flash vulnerability being exploited in the wild.

The zero-day flaw has been added to the Chinese version of the MPack exploit kit and there are signs that the exploits are being injected into third-party sites to redirect targets to malware-laden servers.

Adobe’s product security incident response team is saying that all versions of Flash Player 9.0.124.0 are not vulnerable to these exploits.