Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Two New Flash Player Zero-Day Bugs Found in Hacking Team Leak

Researchers have identified exploits for two new Adobe Flash Player zero-day vulnerabilities in the Hacking Team leak. Adobe has promised to patch the newly discovered bugs sometime this week.

Researchers have identified exploits for two new Adobe Flash Player zero-day vulnerabilities in the Hacking Team leak. Adobe has promised to patch the newly discovered bugs sometime this week.

Last week, several security firms reported finding zero-day exploits for Flash Player (CVE-2015-5119) and Microsoft Windows vulnerabilities in the 400GB of data stolen by hackers from the systems of Italy-based spyware maker Hacking Team. Shortly after Adobe released an update to address the Flash Player bug, researchers reported finding two additional Flash exploits in the leaked data.

One of the new Flash Player zero-days (CVE-2015-5122), involving the opaqueBackground property of the DisplayObject class in ActionScript 3, was reported to Adobe by FireEye. The security company noted that the proof-of-concept (PoC) code for this use-after-free (UAF) flaw was likely written by the author of the PoC for CVE-2015-5119.

The second unpatched UAF vulnerability (CVE-2015-5123) is related to the ActionScript 3 BitmapData object. The issue was reported to Adobe by Trend Micro and the security researcher known online as “slipstream/RoL” (@TheWack0lian).

Both of these vulnerabilities affect Flash Player 18.0.0.204 and earlier, and they allow a remote, unauthenticated attacker to execute arbitrary code on affected systems. According to an advisory published by Adobe over the weekend, patches for these bugs will be made available in the week of July 12.

The security researcher known as Kafeine reported that the Angler exploit kit has been leveraging CVE-2015-5122 since Saturday. Other exploit kits will likely follow soon.

The first Flash Player vulnerability whose existence came to light following the Hacking Team breach was integrated into several exploit kits. The flaw was also leveraged by advanced persistent threat (APT) actors such as Wekby (APT 18) and UPS (APT3) in their operations.

In a statement published last week, Hacking Team said it was concerned that the code published by hackers allows anyone to deploy the company’s surveillance software.

Advertisement. Scroll to continue reading.

“Before the attack, HackingTeam could control who had access to the technology which was sold exclusively to governments and government agencies. Now, because of the work of criminals, that ability to control who uses the technology has been lost. Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so,” Hacking Team said. “We believe this is an extremely dangerous situation.”

Despite numerous accusations that it sold its solutions to totalitarian governments, the Italian company has denied doing anything illegal. However, the data leaked as a result of the breach appears to show that the company was well aware that its products had been used in countries such as Sudan, Ethiopia and Saudi Arabia.

Marietje Schaake, a Dutch member of the European Parliament, has asked the European Commission and Italian authorities to investigate Hacking Team’s activities.

Related: Hacking Team’s Flash Player Zero-Day Spotted in Attacks Prior to Breach

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.