Attackers abusing dangeorus unpatched Flash vulnerability

Posted on Wednesday, Jul 08 2015 @ 14:19 CEST by Thomas De Maesschalck
Flash logo
Earlier this week news hit the web that security firm Hacking Team fell victim to a hacking attack that resulted in the theft of over 400GB of data. The firm provides malware tools to government and law enforcement agencies all over the world, including to repressive regimes.

Now we learn that the hack of security firm Hacking Team also resulted in the leak of a dangerous zero-day Flash vulnerability that's already being abused by three exploit kits. Adobe is expected to release a patch today or on Thursday, in the meantime it may be a smart idea to disable Flash in your browser(s).
Researchers sifting through the confidential material stolen from spyware developer Hacking Team have already uncovered a weaponized exploit for a currently unpatched vulnerability in Adobe Flash, and they also may have uncovered attack code targeting Microsoft Windows and a hardened Linux module known as SELinux.

Hacking Team documentation accompanying the Flash exploit said it targeted "the most beautiful Flash bug for the last four years," according to a blog post published Wednesday by researchers from antivirus provider Trend Micro. The use-after-free flaw resides in a Flash Bytearray object. Researchers at competing AV company Symantec have confirmed the existence of a Flash exploit that works against the latest version of Flash (18.0..194). They also have confirmed it works against people viewing content with Internet Explorer, and it's presumed it will work against other browsers as well.
Source: ARS Technica

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments