DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
November 21, 2018 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 118 people online.

 

Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
 

Follow us
RSS
 

Hacking Team data hack yields two more zero-day Flash vulnerabilities

Posted on Monday, July 13 2015 @ 11:58:19 CEST by


Adobe Flash logo
Last week there was quite some concern about a zero-day vulnerability in Flash that was exploited in the wild following the 400GB data breach at Italian security company Hacking Team. Now FireEye and Trend Micro warn the fallout continues with two more zero-day Flash vulnerabilities:

FireEye was first:
FireEye went public with its zero-day discovery first. The security company said that the new exploit, CVE-2015-5122, followed the format set by the first Flash zero-day to appear last week from the Hacking Team data, and also made use of a Use-After-Free vulnerability.

"The vulnerability is triggered by freeing a TextLine object within the valueOf function of a custom class when setting the TextLine's opaqueBackground," FireEye's Dhanesh Kizhakkinan said in a blog post. "Once the TextLine object is freed, a Vector object is allocated in its place. Returning from valueOf will overwrite the length field of Vector object with a value of 106. (Initial length is 98)."
Then Trend Micro discovered a dangerous Flash bug as well as a zero-day vulnerability in Java:
Over the weekend, Trend Micro said it had found another zero-day, CVE-2015-5123, that was similar to CVE-2015-5122 and reported it to Adobe.

Trend Micro also revealed over the weekend that it had found a Java zero-day targeting NATO and a US defense organisation.
Web users are recommended to disable Flash and Java until the vulnerabilities are plugged.

Source: ZD Net



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2018 DM Media Group bvba