Hacking team systems were hacked on 5th July, Sunday by an obscure party. The pilfered information (400GB) has afterwards leaked via torrent sharing. Now it seems that subsequently Adobe Flash is vulnerable to attack.
Development History of the Flaw
It comes out into the open embarrassing number of disclosures about actions and clients of the firm that provides software for national security and law enforcement to hack computers and mobile devices of target victims.
However, the leak also revealed information about the code of company’s hacking software. Thus allows virus writers to incorporate the code into their malware. Important information about the company’s Remote Control System that can break the encryption on emails, internet telephony protocols and files was publicly known and patched. Тhe company managed to keep a few vulnerabilities in secret.
Adobe Flash Player Affected
It’s curious that among the leaked information is found Adobe Flash exploit without existing patch. The exploit affects Adobe Flash Player version 18.104.22.168 and is workable against Chrome, Firefox, Internet Explorer and Safari.
Hereupon on Wednesday Adobe released a patch for the bug that covers Flash Player for Windows, Linux and Macintosh. The company explained in a security bulletin that these updates concern critical vulnerabilities.
Adobe classified the vulnerability as critical. Once exploited it could allow a malicious native-code to perform conceivably without users’ awareness. In this case, it means that an attacker can potentially get a permission to take control of the affected system. The name of the vulnerability is CVE-2015-5119, and it has been identified in Adobe Flash Player 22.214.171.124 and earlier versions.
Meanwhile, Hacking Team’s chief marketing officer, Eric Rabe explained in an interview with ZDNet that the attack against the company’s system was “sophisticated”. He claimed Hacking Team knows the way it happened but declined to develop further.