Breach of Italy’s Hacking Team prompts security alert as rogue code spills
These have included exploits for jailbroken iPhones, Android tablets and smartphones and a previously undiscovered Adobe Flash vulnerability.
What is this bug?
This isn’t the first time Adobe has been forced to act swiftly in order to fix a critical security vulnerability.
As part of the attack, hackers sent a tweet from the Hacking Team’s Twitter account that offered a link to 400 GB of the company’s source code, e-mails and internal files. (NASDAQ:AAPL) iPhones for the government and spying on users through the apps that they had installed on their phones.
What should users do?
It is highly advisable to update Adobe Flash Player as soon as possible, before visiting untrusted websites with Flash content. Visiting such sites before updating may increase the chances of the computer being compromised.
Adobe Systems has issued a sizeable security update with patches for 36 vulnerabilities, at least one of which is now under attack in the wild.
One of the Flash Player vulnerabilities, CVE-2015-0349, has already been patched, and Adobe said it was working on a patch for the other Flash vulnerability. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.
The spear phishing message found by Volexity urges the victim to download and install an updated version of Flash and includes a link to http://get[.]adobe[.]com that instead redirects the recipient to a site hosted by PEG TECH Inc.
Another security flaw has been noticed in Windows.
The flaw lives specifically in the Adobe Type Manager kernel module in Windows; the module provides support for OpenType fonts. It affects Windows versions from XP to 8.1. “We believe the overall risk for customers is limited, as this vulnerability could not, on its own, allow an adversary to take control of a machine”, says a Microsoft spokesperson.
Other files indicated Hacking Team was trying to find ways of exploiting the most commonly used operating systems, including Windows, Linux, Mac OS X, iOS and Android.
“You should be extremely cautious and either disable the plugin or make sure you are running anti-exploit mitigation software to protect yourself”.
Something, however, has changed in recent months, and Adobe’s Flash is dead center in attackers’ cross hairs. Why can’t we just uninstall Flash and move on to HTML5? The security vulnerability is still present in the latest versions of Adobe Flash.