Lucene search

K
thnSwati KhandelwalTHN:81AF218D527E626B7FE15454B68E5FF0
HistoryJul 11, 2015 - 8:34 p.m.

Second Flash Player Zero-day Exploit found in 'Hacking Team' Dump

2015-07-1120:34:00
Swati Khandelwal
thehackernews.com
210

0.974 High

EPSS

Percentile

99.9%

Second Flash Player Zero-day Exploit found in 'Hacking Team' Dump

Another Flash zero-day exploit has emerged from the hundreds of gigabytes of data recently leaked from Hacking Team, an Italian surveillance software company that is long been accused of selling spying software to governments and intelligence agencies.

The critical zero-day vulnerability in Adobe Flash is a Use-After-Free() programming flaw (CVE-2015-5122) which is similar to the CVE-2015-5119 Flash vulnerability patched last week and allows an attacker to hijack vulnerable computers.

Adobe says the cyber criminals are apparently already exploiting this vulnerability for which no patch exists yet. However, it’s second time in a single week when the company is working on a fix for the zero-day vulnerability in its Flash Player software.

Flash Zero-Day Flaw in the Wild

The Exploit code for this flaw is already available online, allowing an attacker to remotely execute malicious code on victims’ computers and install malware, Adobe said in an advisory published late Friday.

> “Successful exploitation [of CVE-2015-5122 flaw] could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe said.

The zero-day vulnerability is present in the latest Adobe Flash Player version 18.0.0.204 and earlier versions for Windows, Linux and OS X.

Adobe credited FireEye researcherDhanesh Kizhakkinanfor reporting the vulnerability documented in stolen data leaked from Hacking Team.

Therefore, once again we advise everyone with Flash installed to remove or disable the software until the company patches the critical security bug.

0.974 High

EPSS

Percentile

99.9%

Related for THN:81AF218D527E626B7FE15454B68E5FF0