Second Flash Player Zero-day Exploit found in 'Hacking Team' Dump

Another Flash zero-day exploit has emerged from the hundreds of gigabytes of data recently leaked from Hacking Team, an Italian surveillance software company that has long been accused of selling spying software to governments and intelligence agencies.

The critical zero-day vulnerability in Adobe Flash is a use-after-free programming flaw (CVE-2015-5122), similar to the CVE-2015-5119 Flash vulnerability patched last week, that allows an attacker to hijack vulnerable computers.

Adobe says cyber criminals are apparently already exploiting this vulnerability, for which no patch exists yet. This is the second time in a single week that the company is working on a fix for a zero-day vulnerability in its Flash Player software.

Flash Zero-Day Flaw in the Wild


Exploit code for this flaw is already available online, allowing an attacker to remotely execute malicious code on victims' computers and install malware, Adobe said in an advisory published late Friday.

"Successful exploitation [of CVE-2015-5122 flaw] could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said.

The zero-day vulnerability is present in the latest Adobe Flash Player version 18.0.0.204 and earlier versions for Windows, Linux and OS X.

Adobe credited FireEye researcher Dhanesh Kizhakkinan for reporting the vulnerability documented in stolen data leaked from Hacking Team.

Therefore, once again we advise everyone with Flash installed to remove or disable the software until the company patches the critical security bug.
