Adobe to patch Flash 0-Day created by Hacking Team

Security experts have already started to see the exploit used in the wild

hackingteam hacked logo
Credit: Steve Ragan / Twitter

There have been additional developments in the Hacking Team story, the latest being that the Adobe Flash vulnerability discovered in the 400GB cache of documents has been picked up by the Neutrino and Angler exploit kits.

[See Also: In Pictures: Hacking Team's hack curated]

ht rcs 019

The Flash exploit was used by Hacking Team for demos, and the version of it leaked to the public only included a simple proof-of-concept that launched calc.exe.

However, exploit kit developers were quick to weaponize it thanks to detailed instructions provided by Hacking Team documentation.

Attacks have been observed on both Chrome and Firefox.

"This is one of the fastest documented [cases] of an immediate weaponization in the wild," commented Malwarebytes' Jérôme Segura.

Researchers at Trend Micro also detected the exploit circulating in the wild, but noted that the Hacking Team code leveraged a trick that was first observed during Pwn2Own earlier this year.

Alerted to the issue by privacy advocate and security expert Morgan Marquis-Boire and Google's Project Zero, Adobe listed the issue as critical and said they would release a patch for Flash later today.

The vulnerability has been assigned to CVE-2015-5119.

All versions of Adobe Flash Player from and earlier on Windows and OS X are vulnerable.

In addition, Adobe Flash Player Extended Support Release version and earlier 13.x versions are also vulnerable. Adobe Flash Player version and earlier 11.x versions for Linux will need a patch too.

This story, "Adobe to patch Flash 0-Day created by Hacking Team" was originally published by CSO.

Download the CIO October 2016 Digital Magazine
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies