Hacking Team Expose Critical Security Flaw In Flash Players

Fact checked by The People's Voice Community

A serious security flaw in the Adobe Flash player has been exposed by the Italian Hacking Team, with researchers urging users to disable Flash on their computers until a security patch is released later in the week. 

The two bugs  (CVE-2015-5122, CVE-2015-5123) affect and earlier versions of Flash on Windows, Mac, and Linux systems. If a hacker makes use of the security flaw they could take complete control of the computer.

Adobe have warned users, “Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system”.

Cso.com.au reports:


The Saturday advisory follows a patch it raced out last Wednesday for another Flash Player flaw (CVE-2015-5119) that emerged from the 400GB set of Hacking Team files that were leaked by a hacker last Sunday. Hacking Team sold its computer surveillance program Remote Control System (RCS), or Galileo, to government agencies all over the world, from Australia to Uzbekistan. One of its chief pitches was that the program could help law enforcement overcome encryption by bypassing it with malware that captures communications before encryption.

Given that there isn’t a patch available yet it may be wise to disable Flash Player until one is released.

Criminals who sell toolkits for mass exploitation began integrating the first Flash bug discovered in Hacking Team’s files within hours. Exploit kits are used to build up networks of compromised computers. Security researchers at FireEye and TrendMicro are credited with reporting CVE-2015-5122 and CVE-2015-5123, respectively. The two companies discovered early stage developments of tools that could exploit the flaws, known as proof of concepts (PoC).

But there is, for now, some goods news for end-users of Flash, according to Trend Micro threat analyst Peter Pi.

“It’s still a proof of concept,” he said, referring to the flaw Trend Micro discovered. “We are still looking to see if it is already being used in an attack,” he said.

Nonetheless, Pi recommended disabling Flash until Adobe releases a patch. “Considering that the Hacking team leak is publicly available already, it poses risks to users. As such, we recommend users to disable Adobe Flash Player for the meantime until the patch from Adobe becomes available,” said Pi in a later update.

Sean Adl-Tabatabai
About Sean Adl-Tabatabai 18000 Articles
Having cut his teeth in the mainstream media, including stints at the BBC, Sean witnessed the corruption within the system and developed a burning desire to expose the secrets that protect the elite and allow them to continue waging war on humanity. Disturbed by the agenda of the elites and dissatisfied with the alternative media, Sean decided it was time to shake things up. Knight of Joseon (https://joseon.com)