Sunday, 12 July 2015

New Flash Player Flaw Hacking Team Actively Attacked

The Italian Hacking Team appears to have over many more unknown vulnerabilities in Adobe Flash Player than the one that was unveiled earlier this week and one of these leaks is now actively attacked by cyber criminals and an update from Adobe is not yet available.

Thereby running millions of Internet users risk. The situation looks like a repeat of the scenario that played out earlier this week. An attacker managed to break into Hacking Team and made ​​as 400GB of data booty. The data has a zero-day vulnerability for Flash Player encountered. After the discovery added to all kinds of so-called criminals who exploit kits with Internet attack . Adobe then came up with a patch to fix it.

Two new zero days

In the archives of Hacking Team researchers have now two new "zero-day vulnerabilities" found and made ​​public. The vulnerabilities in Adobe Flash Player version and earlier are designated by the CVE numbers CVE-2015-5122 and CVE-2015-5123. One of these vulnerabilities, CVE-2015-5122, cyber criminals have been added to the Angler Exploitkit, reports researcher JuK of the blog Malware Do not Need Coffee. The code has also been added to Metasploit, a program for security professionals and penetration testers can test the security of networks and systems.

Thereby running Internet with Flash Player when visiting a hacked or malicious Web site, see getting infected ads or open a Word document with an embedded Flash file the risk of becoming infected with malware. As this week will come with Adobe emergency patch. However, to be published next week, as the software company in the late notice know, although the advisory refers to the week of 12 July. In the meantime, Internet users can protect themselves by temporarily disabling Flash Player.


The CERT Coordination Center (CERT / CC) at Carnegie Mellon University warns also of vulnerability and allows users to protect themselves from the free Microsoft EMET to install or not to implement Flash content from unreliable.

No comments:

Post a Comment