‘Hacking Team’ Breach Reveals Critical Flash Bug

Among a plethora of exploits reported including vulnerabilities found in Windows and SELinux, security researchers have identified an active exploit used to take advantage of a vulnerability found in Adobe’s Flash player, according to a report in The Register.

These exploits were discovered after the recent Hacking Team hack which is making current waves in the cyber security industry.

Emails, client lists, critical source code, server backups and more were released as a 400GB data dump by the hacker who breached Hacking Team.

The Flash Vulnerability

The leaked source code reveals an Adobe Flash exploit that can be used against browsers with the vulnerable Flash plug-in. The browsers include Google Chrome, Internet Explorer, Firefox and Safari with the exploit affecting multiple versions of the plug-in from Flash Player 9 to the latest version, 18.0.0.194.

Making light of the discovery, security firm Trend Micro noted that the Flash exploit developed by Hacking Team was described as “The most beautiful Flash bug for the last four years,” by its creators. Symantec, a competing security firm tested and confirmed the vulnerability after replicating the exploit on the most recent, patched version of Adobe’s Flash.

Essentially, the exploit allows the attacker to crash the browser to then seize control of the affected system. Adobe itself categorized this as a critical vulnerability in releasing a security bulletin which said:

“A critical vulnerability (CVE-2015-5119) has been identified in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that an exploit targeting this vulnerability has been published publicly. Adobe expects to make updates available on July 8, 2015.”

Crucially, security researchers believe that the Adobe vulnerability is likely to have been exploited by cybercriminals already, due to the public leak of the source code.

Jerome Segura of Malwarebytes noted this in a blog post, saying: “Without a doubt cybercriminals have already got their hands on it and will integrate it in their exploit kits soon.” Symantec stated a similar opinion in its own blog post saying: “Given the source of the proof-of-concept code, it is possible that this vulnerability has already been exploited in the wild.”

The vulnerability could have been patched if Hacking Team had disclosed the information to Adobe but the Italian company’s business model depends on finding vulnerabilities on commercial and popular software to then exploit it for surveillance purposes.

Here at Lifars, we recommend uninstalling Flash as a whole for better security. Popular websites such as YouTube have already made the shift from Flash to HTML5 completely.

As of writing this, Adobe hasn’t updated a patch for the vulnerability yet and is scheduled to do so today, the 8th of July.

Metadata: Several critical exploits have been uncovered from the recent Hacking Team breach including a crucial Flash vulnerability that is yet to be patched.