Industry News

Adobe Patches Zero-Day Used in Hacking Team Breach

Adobe has closed a Flash Player zero-day vulnerability allegedly exploited in the recent Hacking Team leak. The exploit is reported to have already been made public.

This week, hackers leaked 400 GB of data belonging to technology manufacturer Hacking Team -including internal documents, emails, slideshow presentations and more.

To carry out the intrusion, attackers capitalized on a critical vulnerability known as – CVE-2015-5119. This is a use-after-free vulnerability active in Flash versions 18.0.0.194 and earlier.

It seems the zero-day was spotted in exploit kits found on dark web sites – namely Neutrino Exploit Kit, the Angler Exploit Kit and the Nuclear Exploit Kit.

How do you get infected?

These tools are usually hosted on compromised servers and served like regular web pages. Once the user lands on one of these pages, his browser is inspected and a specific type of content is served to make it crash. After crashing, a payload is executed with no user interaction and the computer is silently infected.

Exploits predictably arrive disguised as email attachments, compromised websites and other social engineering schemes. This means that, once executed by the user, they allow cybercriminals to take over the system, steal data or prevent the software from working at all.

So, it’s crucial that users update their Windows, Linux or Mac systems with the latest Adobe Flash versions. However, updates need to be performed from Adobe’s official site, and not from websites or email attachments that could be taking advantage of this vulnerability to spread malware.

Interested in reading about the seven most exploited vulnerabilities in the wild, according to Bitdefender? Read more.

About the author

Alexandra GHEORGHE

Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs. She has since wielded her background in PR and marketing communications to translate binary code to colorful stories that have been known to wear out readers' mouse scrolls. Alexandra is also a social media enthusiast who 'likes' only what she likes and LOLs only when she laughs out loud.

Add Comment

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.