Hacking Team data hack yields two more zero-day Flash vulnerabilities

Last week there was quite some concern about a zero-day vulnerability in Flash that was exploited in the wild following the 400GB data breach at Italian security company Hacking Team. Now FireEye and Trend Micro warn the fallout continues with two more zero-day Flash vulnerabilities:

FireEye was first:

FireEye went public with its zero-day discovery first. The security company said that the new exploit, CVE-2015-5122, followed the format set by the first Flash zero-day to appear last week from the Hacking Team data, and also made use of a Use-After-Free vulnerability.

"The vulnerability is triggered by freeing a TextLine object within the valueOf function of a custom class when setting the TextLine's opaqueBackground," FireEye's Dhanesh Kizhakkinan said in a blog post. "Once the TextLine object is freed, a Vector object is allocated in its place. Returning from valueOf will overwrite the length field of Vector object with a value of 106. (Initial length is 98)."

Then Trend Micro discovered a dangerous Flash bug as well as a zero-day vulnerability in Java:

Over the weekend, Trend Micro said it had found another zero-day, CVE-2015-5123, that was similar to CVE-2015-5122 and reported it to Adobe.

Trend Micro also revealed over the weekend that it had found a Java zero-day targeting NATO and a US defense organisation.

Web users are recommended to disable Flash and Java until the vulnerabilities are plugged.

Source: ZD Net