Breach at Italian surveillance vendor prompts security alert

By Tuesday afternoon, the critical flaw was being targeted in the wild by an array of malware titles, including the Angler and Nuclear exploit kits, as first reported by Malwarebytes (and later documented by the security researcher known as Kafeine).

This new version also adopts Adobe’s new mechanism that allows users to install Flash Player without actually restarting their browsers, but the parent company says that a few improvements in this regard are still needed because, in some scenarios, a reboot might still be required. Hacking Team describes the Flash flaw as “the most beautiful Flash bug for the last four years”, suggesting that the company may have been using this to access people’s machines for quite some time.

The stolen information highlights the Flash vulnerability, and indicates that Hacking Team had been exploiting it without Adobe’s knowledge.

Hacking Team provides cyber surveillance software to government intelligence agencies around the world, but was itself the victim of a cyber attack this week.

The vulnerability was discovered when well-known security researcher Brian Krebs of Trend Micro found a document buried in the massive amount of data leaked during the recent hacking of the infamous hacker group, The Hacking Team. One of the zero-days exploits a vulnerability in the Windows kernel, while the other two relate to Adobe’s Flash. Such kits have sold for as much as $15,000 and are used to launch attack code on web users’ PCs or phones as they browse the internet.

The vulnerability, which bypasses the Windows Control Flow Guard security system, affects Adobe Flash Player 9 or higher.

However, he noted that the zero-day is not weaponised, but is simply a proof of concept (PoC) that Hacking Team provided to customers.

“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system”, according to a statement from Adobe.

The Hacking Team exploit was leaked together with a detailed readme file that contained instructions on how it works and how to use it. “This Flash exploit has not yet been given the CVE number”, Trend Micro writes. These attacks are typically launched from compromised websites or through malicious advertisements.