Adobe Flash Player Zero-Day Vulnerability Exposed In Hacking Team Leaked Files

Hacked files from the Italy-based spyware development firm Hacking Team have exposed a critical vulnerability in the widely used browser plug-in Adobe Flash Player. Two days ago, unidentified hackers broke into the Milan-based IT firm and stole 400GB of confidential company data. The main purpose of the well-executed hack was to expose the fact that the company was indeed helping oppressive regimes across the world spy on activists and journalists by selling them the surveillance tool Da Vinci and another spyware tool called the Remote Control System. While the company's representatives had claimed in the past that they never sell their creations to sketchy governments, the leaked files refute those claims.

Coming to the main story, the information about the zero-day was uncovered by the security researchers at #-Link-Snipped-# and verified by the fellows at #-Link-Snipped-#. The documentation written by Hacking Team employees describes the flaw as "the most beautiful Flash bug for the last four years". The leaked files show the existence of a zero-day proof-of-concept in which the attacker can hijack a victim's computer through the Flash Player and command it to open an application such as the Windows calculator. While the documents show that the vulnerability is found in Adobe Flash Player 9 and above, external sources have confirmed that the bug has not been patched in the latest version, 18.0.0.194, which runs on Internet Explorer, Chrome, Firefox and Safari. The unnerving news here is that a release version of the proof-of-concept with real attack shellcode was also leaked in the hack. This means nefarious hackers across the world can take the code and execute it willy-nilly on anyone's computer.

The good news here is that Trend Micro claims that an active attack has not yet been spotted in the wild. Representatives from Adobe have also confirmed that they are working on patching the vulnerability and will release an updated version sometime today. Until then, users are advised to disable Flash Player in their browsers.

Source: #-Link-Snipped-#

Replies

  • Satya Swaroop Dash
    Update: Adobe has released the updated version of the Flash Player with the vulnerability patched. Download it now here:
    #-Link-Snipped-#
