Adobe to Patch Two More Hacking Team Flash Bugs This Week

Two more critical Adobe Flash bugs are likely being exploited in the wild after they were discovered in the Hacking Team data dump of documents which made its way online a week ago.

Adobe released an updated advisory on Sunday warning users that CVE-2015-5122 and CVE-2015-5123 affect Flash Player and earlier versions for Windows, Mac and Linux.

It added:

“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. 

Adobe is aware of reports that exploits targeting these vulnerabilities have been published publicly. Adobe expects to make updates available during the week of July 12, 2015.”

CVE-2015-5122 was discovered by FireEye threat researcher, Dhanesh Kizhakkinan, who explained in a blog post that it’s a use-after-free flaw.

CVE-2015-5123, on the other hand, was discovered by Trend Micro threat analyst, Peter Pi, who wrote in a separate blog post that it’s a ValueOf bug.

“However, compared to the first two reported Flash zero-day exploits, it involves the BitmapData object and not the TextLine and ByteArray,” he added.

Microsoft is also working on a fix for a vulnerability in the Adobe open font type manager (ATMFD.dll) in the Windows Kernel.

“The DLL is run in the kernel mode. An attacker can exploit the vulnerability to perform privilege escalation which can bypass the sandbox mitigation mechanism,” wrote Trend Micro threat analyst, Jack Tang, last week.

Controversial surveillance technology provider Hacking Team was breached last week and 400GB of alleged internal documents including product source code, sensitive emails and details of exploits it researched and sold to customers were posted online.

The discovery has once again ignited debate around whether the trade in software vulnerabilities between so-called ‘reputable’ companies and governments is ethically any different from that which takes place on the cyber-criminal underground.

In related news, the CEO of Hacking Team David Vincenzetti, has finally broken his silence on the virtual break-in – telling Italian Sunday newspaper La Stampa that he suspects the attack was carried out by a foreign government, according to Reuters.

What’s Hot on Infosecurity Magazine?