Guest Posted July 7, 2015 Report Posted July 7, 2015 (edited) The Recent Cyber Attack that exposed 400GB of corporate data belonging to surveillance software firm Hacking Team has revealed that the spyware company have already discovered an exploit for an unpatched zero-day vulnerability in Flash Player.Security researchers at Trend Micro claim that the leaked data stolen from Hacking Team, an Italian company that sells surveillance software to government agencies, contains a number of unpatched and unreported Adobe flaws.Hacking Team has Unpatched Flash Bug While analyzing the leaked data dump, researchers discovered at least three software exploits – two for Adobe Flash Player and one for Microsoft's Windows kernel.Out of two, one of the Flash Player vulnerabilities, known as Use-after-free vulnerability with CVE-2015-0349, has already been patched.However, the Hacking Team described the other Flash Player exploit, which is a zero-day exploit with no CVE number yet, as "the most beautiful Flash bug for the last four years."Symantec has also confirmed the existence of the zero-day flaw in Adobe Flash that could allow hackers to remotely execute code on a targeted computer, actually allowing them to take full control of it. Researchers found a Flash zero-day proof-of-concept (POC) exploit code that, after testing, successfully worked on the most latest, fully patched version of Adobe Flash (version 18.0.0.194) with Internet Explorer.Successful exploitation of the zero-day Flash vulnerability could cause a system crash, potentially allowing a hacker to take complete control of the affected computer.Zero-Day Flash Flaw Affects All Major BrowsersThe zero-day vulnerability affects all major web browsers, including Microsoft's Internet Explorer,Google's Chrome, Mozilla's Firefox as well as Apple's Safari. Researchers have not spotted any attacks in the wild exploiting this zero-day flaw. However, since details of the vulnerability are now made publicly available, it is likely cybercriminals will quickly try to exploit the flaw before a patch is issued.Therefore, users who are concerned about the issue can temporarily disable the Adobe Flash Player in their browser until the company patches the zero-day flaw.Sursa: http://thehackernews.com/2015/07/flash-zero-day-vulnerability.html Edited July 7, 2015 by NETGEAR Quote
wildchild Posted July 7, 2015 Report Posted July 7, 2015 nigga' pleaseinside job all the wayTe referi la leak-uri sau faptul c? Adobe era con?tient de asta? Quote
wildchild Posted July 7, 2015 Report Posted July 7, 2015 Adobe 100% în colaborare cu NSA/FBI dar dac? e inside job cine ar fi riscat s? fie ar?tat cu degetul tot restul vie?ii? Pentru c? ei o s? fie proscri?i ?i chiar clien?ii lor o s? le cauzeze dureri de cap de acum încolo. Quote
