Adobe to plug Hacking Team Zero Day Flash vulnerability

Last weekend, Hacking Team became Hacked Team after over 400GB of confidential company data was leaked, and it’s emerged that a major Adobe Flash Player exploit is part of that package.

A security bulletin released by Adobe explained that a critical vulnerability (CVE-2015-5119) has been found in Flash Player 18.0.0.194 and earlier for Windows, Mac and Linux. It has the potential to let an attacker take full control over a system.

One of the Flash exploits (CVE-2015-0349) has already been patched up but another was described by Hacking Team as “the most beautiful Flash bug for the last four years since CVE-2010-2161”.

The latter allows malicious actors to execute code on a target machine by using a website and can be used against a raft of different browsers including Internet Explorer, Mozilla Firefox, Safari and Google Chrome.

Patch is coming

Adobe will release a security patch to cover up the vulnerability later today yet this might not be the end to the damage caused by the leaks from Hacking Team’s locker of vulnerabilities.

The Italian company has a range of different services and tools to help organisations and governments garner data on individuals with the hacked files revealing customers in Kazakhstan, Saudi Arabia, Oman, Lebanon, Mongolia, Azerbaijan, Kazakhstan, Malaysia, Sudan, Russia and UAE.