Adobe whips up patch for Hacking Team’s Flash 0-day attack

Adobe is racing out a patch to fix a flaw in Flash Player that was secretly used by Italian surveillance software outfit Hacking Team — until details of it were leaked on Sunday.

The surprise patch for Flash Player will be released on Wednesday to close a flaw that was being used by the Hacking Team as part of a 'lawful intercept' package it sold to governments around the world to spy on targets.

The Hacking Team has gained notoriety among privacy advocates as a company that sells surveillance malware to governments with questionable human rights records, including agencies from Azerbaijan, Bahrain, Egypt, Ethiopia, Kazakhstan, Morocco, Nigeria, Oman, Saudi Arabia and Sudan. According to the leaked documents, it also at one point sold its software to the Australian Federal Police.

An Adobe spokeswoman confirmed to CSO Australia that the fix being delivered was to address a flaw that was discovered on Monday by security researchers who were poring over a 400GB trove of data leaked from the Italian firm on Sunday.

Flaws in Flash Player, along with Adobe Reader, Java and numerous Microsoft products, are prized among hackers due to their ubiquity on computers. But fixes can often take months to deliver, and the process frequently involves a degree of haggling between the researchers who found the flaws and the vendor of the affected product.

The fix will be an important one for users to apply, in particular now that details of it have been published.

Trend Micro, one of the security firms that discovered the Flash flaw among the Hacking Team’s lost files, noted that the Italian vendor described the exploit as “the most beautiful Flash bug for the last four years.”

Rival security firm Symantec also confirmed the existence of the zero-day flaw, speculating that since details were public other attackers would move to exploit it before Adobe had issued a patch.

Symantec had warned that “it can be expected that groups of attackers will rush to incorporate it into exploit kits before a patch is published by Adobe.”

The swift patch from Adobe will minimise the potential threats to users of Flash Player and will go some way to neutralising recommendations for users to temporarily disable Flash in their browsers. Despite Adobe's rapid response, hackers are still likely to integrate the flaw into exploit kits to take advantage of the portion of users who are slow to update vulnerable software.

Adobe has rated the vulnerability as critical. The flaw now has the official identifier CVE-2015-5119, which Adobe confirmed affects Adobe Flash Player — the new version — and earlier versions for Windows, Macintosh and Linux.

“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” it said in a security bulletin.

“Adobe is aware of reports that an exploit targeting this vulnerability has been published publicly. Adobe expects to make updates available on July 8, 2015,” it added.

The company credited Google’s squad of expert hackers in its Project Zero team and independent security researcher Morgan Marquis-Boire for reporting CVE-2015-5119.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
