
Adobe Flash Player Zero-Day Vulnerability Exposed In Hacking Team Leaked Files

Question asked by Satya Swaroop Dash in #Hacking and Security on Jul 8, 2015
Satya Swaroop Dash · Jul 8, 2015
Hacked files from the Italy-based spying software development firm Hacking Team have exposed a critical vulnerability in the widely used browser plug-in, the Adobe Flash Player. Two days ago, unidentified hackers managed to break into the Milan-based IT firm and steal 400GB of confidential company data. The main purpose of the well-executed hack was to expose the fact that the company was indeed helping oppressive regimes across the world to spy on activists and journalists by selling them the surveillance tool Da Vinci and another spyware tool called the Remote Control System. While the company’s representatives had claimed in the past that they never sell their creations to sketchy governments, the hacks managed to refute their claims.


Coming to the main story, the information about the 0day hack was uncovered by the security researchers at Trend Micro and verified by the fellows at Symantec. The documentation written by Hacking Team employees describes the flaw as "the most beautiful Flash bug for the last four years". The leaked files from Hacking Team show the existence of a zero-day proof-of-concept where the attacker can hijack a victim’s computer through the Flash Player and command it to open an application such as the Windows calculator. While the documents show that the vulnerability is found on Adobe Flash Player 9 and above, external sources have confirmed that the bug has not been patched in the latest version, 18.0.0.194, which runs on Internet Explorer, Chrome, Firefox and Safari. The unnerving news here is that a release version of the proof-of-concept with real attack shellcode was also leaked in the hack. This means nefarious hackers across the world can take the code and execute it willy-nilly on anyone’s computer.


The good news here is that Trend Micro claims that an active attack has not yet been spotted in the wild. Representatives from Adobe have also confirmed that they are working on patching the vulnerability and shall be releasing an updated version sometime today. Until then, users are being advised to disable the Flash Player in their browsers.

Source: Ars Technica
Satya Swaroop Dash · Jul 8, 2015
Update: Adobe has released the updated version of the Flash Player with the vulnerability patched. Download it here:
https://www.adobe.com/products/flashplayer/distribution3.html
