Update (07/07 11:55 AM PT): Adobe released a security bulletin about this vulnerability which is assigned CVE-2015-5119. A fix is scheduled for July 8.
– – – –
The security community was ablaze yesterday with the news of a massive data dump and hack of most controversial firm Hacking Team.
Hacking Team specializes in surveillance software which it resells to various governments around the world, and in particular to some oppressive regimes, a major issue that has activists outraged.
The data stolen from the firm contains several gigabytes worth of exploits, malware and other very sensitive information.
Among them, a new Flash Player zero day (CVE-2015-5119) affecting Flash Player up to version 18.0.0.194 was found and is making headlines.
We analyzed a copy of the exploit and can confirm that Malwarebytes Anti-Exploit users were already protected against this threat:
Without a doubt cyber criminals have already got their hands on it and will integrate it in their exploit kits soon.
Software vendor Adobe is said to be working on an emergency patch. In the meantime, you should be extremely cautious and either disable the plugin or make sure you are running anti-exploit mitigation software to protect yourself.
We will update this blog post with additional information as it comes through.
COMMENTS
Pingback: Vulnerabilidad de día cero en Adobe Flash | Alestra CERT()
Pingback: What have we learned so far from Hacking Team pwnage? Flash and Windows zero-day holes | TechDiem.com()
Pingback: PSA: Flash Zero-Day Now Active in The Wild | Malwarebytes Unpacked()
Pingback: ste williams – Adobe Flash, Windows driver zero-days leak from Hacking Team raid()
Pingback: Hacking Team Exposed By Hack - TechRaptor()
Pingback: ste williams – Critical Adobe Flash, Windows zero-days leak from Hacking Team raid()
Pingback: ste williams – KILLER! Adobe Flash, Windows zero-day vulns leak from Hacking Team raid()
Pingback: Flash is killing Chrome this week — so let’s disable Flash in Chrome | 7aya.net English Topics()
Pingback: Flash is killing Chrome this week — so let's disable Flash in Chrome | Android Timeline()
Pingback: Vazamento de empresa hackeada revela grave vulnerabilidade no Flash | Todos de TI()
Pingback: CPN | Flash is killing Chrome this week — so let’s disable Flash in Chrome()
Pingback: Flash is killing Chrome this week — so let's disable Flash in Chrome | Zentora()
Pingback: Flash is killing Chrome this week — so let's disable Flash in Chrome | Android App For Pc()
Pingback: Adobe Patches Flash Bug Exploited After Hacking Team Leak | Laptop Charger USA()
Pingback: Adobe Patches Flash Bug Exploited After Hacking Team Leak | Laptop Charger Canada()
Pingback: Adobe Patches Flash Bug Exploited After Hacking Team Leak – PC MagazineAll Breaking News | All Breaking News()
Pingback: Adobe Patches Flash Bug Exploited After Hacking Team Leak | Christmas Hot Deals()
Pingback: Flash is killing Chrome this week — so let’s disable Flash in Chrome | Cheap Android Accessories()
Pingback: Yet Another Flash Zero-Day | ResearchBuzz: Firehose()
Pingback: Uganda, New Jersey, Chicago, More: Friday Buzz, July 10th, 2015 | ResearchBuzz()
Pingback: New Hacking Team Flash Player 0day Uncovered | Malwarebytes Unpacked()
Pingback: Hacking Team data breach was down to extremely weak passwords - Meta Thrunks Security Blog()
Pingback: A Week in Security (Jul 05 – Jul 11) | Malwarebytes Unpacked()
Pingback: How to disable the Flash plugin for Chrome | Universal Technologies()
Pingback: Are Breaches Killing Flash?()
Pingback: CVE-2015-5119 and the Value of Security Research and Ethical Disclosure | Telnet Networks News()
Pingback: Chinese Actors Copy and Paste HackingTeam Zero-Days in Site Hack | Malwarebytes Unpacked()
Pingback: Chinese Actors Copy and Paste HackingTeam Zero-Days in Site Hack | vyagers()
Pingback: ‘Hacking Team’ Breach Reveals Critical Flash Bug – LIFARS()
Pingback: The Hacking Quandary | TechCrunch()
Pingback: The Hacking Quandary | News Post – Breaking News()
Pingback: The Hacking Quandary | Entire News Link()
Pingback: The Hacking Quandary » Peepstalks!()
Pingback: The Hacking Quandary - DailyScene.comDailyScene.com()
Pingback: The Hacking Quandary - **** on Heels()
Pingback: The Hacking Quandary | Keeran Singh()
Pingback: The Hacking Quandary - Viral World News UK()
Pingback: The Hacking Quandary()
Pingback: The Hacking Quandary | WOW! News()
Pingback: The Hacking Quandary | Viral World news()
Pingback: The Hacking Quandary | The H2O Standard()
Pingback: The Hacking Quandary | WeeklyTimesNews.com()
Pingback: Adobe Fixes Flash Player Bug Leaked in ‘Team Hacking’ Attack()