"SophosLabs has seen samples of [the exploit] from Blackhole and are analyzing them now to determine if they actually work," Chester Wisniewski, a senior security adviser at antivirus firm Sophos, said Tuesday via email. "So, yes, we can confirm it has been added, but still working out if they did it right."

Security researchers from antivirus vendor ESET also confirmed via email that Blackhole now includes the exploit.

Kaspersky's new report shows that not only has the exploit been added to Blackhole, but the toolkit's customers have already started using it.

"In relation to the other exploits included in the pack, victims are getting hit only a fair number of times with the 0day [the unpatched vulnerability]," Baumgartner said.

This might be because, according to reports from various vulnerability researchers, this new flaw only affects Java 7. "Java 7 is not as widely deployed as other vulnerable versions of frequently attacked client-side software," Baumgartner said Tuesday via email.