Adobe to patch Flash 0-Day created by Hacking Team

There have been additional developments in the Hacking Team story, the latest being that the Adobe Flash vulnerability discovered in the 400GB cache of documents has been picked up by the Neutrino and Angler exploit kits.

[See Also: In Pictures: Hacking Team's hack curated]

The Flash exploit was used by Hacking Team for demos, and the version of it leaked to the public only included a simple proof-of-concept that launched calc.exe. However, the exploit kit developers were quick to weaponize it thank to detailed instructions provided by Hacking Team documentation.

Attacks have been observed on both Chrome and Firefox.

"This is one of the fastest documented case of an immediate weaponization in the wild," commented Malwarebytes' Jérôme Segura.

Researchers at Trend Micro also detected the exploit circulating in the wild, but noted that the Hacking Team code leveraged a trick that was first observed during Pwn2Own earlier this year.

Alerted to the issue by privacy advocate and security expert Morgan Marquis-Boire and Google's Project Zero, Adobe listed the issue as critical and said they would release a patch for Flash later today. The vulnerability has been assigned to CVE-2015-5119.

All versions of Adobe Flash Player from and earlier on Windows and OS X are vulnerable.

In addition, Adobe Flash Player Extended Support Release version and earlier 13.x versions are also vulnerable. Adobe Flash Player version and earlier 11.x versions for Linux will need a patch too.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags VulnerabilitiesmalwareGoogleFirefoxtrend microExploits / vulnerabilitiesMalwarebytesHacking Team

More about GoogleLinuxMalwarebytesMorganTrend Micro

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Steve Ragan

Latest Videos

More videos

Blog Posts