Monday, 13 July 2015 06:41
New Flaw found in Flash Player, yes another one.
Written by Sean Kalinich
Although it will not come as a surprise, there seems to be yet another bug in Adobe’s Flash Player that could allow an attacker to take control of a system by forcing a crash of the application. According to TrendMicro, CVE-2015-5123 is a critical bug in the latest version of Flash Player for Linux, Windows, and OS X operating systems. Adobe has already released a customer advisory stating that it is aware of this flaw being exploited in the wild.
According to TrendMicro, this vulnerability exists in all versions up to 18.0.0.204, and there is no patch for it yet. Adobe has stated that it expects to have a fix for the flaw this week. This new bug comes on the heels of a bug that was found in the Neutrino exploit kit. The first bug was patched just a few days ago and was found in some of the leaked data from the Hacking Team breach. Hacking Team develops and sells malware/spyware to countries and law enforcement.
The breach, which claimed 400GB of sensitive data including source code, was found to be the result of weak passwords. It is something of a joke that a security firm would have weak passwords protecting sensitive data, but we have seen worse cases of bad security behavior in the past. As we wrote a few days ago, we expect to hear about more “fun” things in the data stolen from the Hacking Team in the coming days and would not be surprised at all to hear about a few more exploits. After all, one of the things that these companies do is discover flaws in operating systems and applications so their software can do its job…
It is going to get ugly, so stay safe out there.