Story image

Symantec: Leaked Flash zero-day likely to be exploited by attackers

08 Jul 15

Security software firm Symantec have confirmed the existence of a new zero-day vulnerability in Adobe Flash, which could allow attackers to remotely execute code on a targeted computer. 

Symantec says since details of the vulnerability are now publicly available, it is likely attackers will move quickly to exploit it before a patch is issued.

Details of the vulnerability surfaced following a cyberattack against the controversial Italian hackers-for-hire firm Hacking Team. Proof-of-concept code for exploit of the vulnerability was part of a large cache of internal information leaked by the attackers, Symantec explains in a blog post. 

“Given the source of the proof-of-concept code, it is possible that this vulnerability has already been exploited in the wild,” the company writes. “Following its disclosure, it can be expected that groups of attackers will rush to incorporate it into exploit kits before a patch is published by Adobe.”

Analysis by Symantec has confirmed the existence of this vulnerability by replicating the proof-of-concept exploit on the most recent, fully patched version of Adobe Flash (18.0.0.194) with Internet Explorer.

Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected computer.

Adobe has yet to comment on the vulnerability and a patch has not yet been published, Symantec says. “Symantec regards this vulnerability as critical since it could allow attackers to remotely run code on an affected computer, effectively allowing them to take control of it,” it says. 

Symantec says users who are concerned about this issue can temporarily disable Adobe Flash in their web browser.

How blockchain will impact NZ’s economy
Distributed ledgers and blockchain are anticipated to provide a positive uplift to New Zealand’s economy.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Human value must be put back in marketing - report
“Digital is now so widely adopted that its novelty has worn off. In their attempt to declutter, people are being more selective about which products and services they incorporate into their daily lives."
Wine firm uses AR to tell its story right on the bottle
A Central Otago wine company is using augmented reality (AR) and a ‘digital first’ strategy to change the way it builds its brand and engages with customers.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Protecting organisations against internal fraud
Most companies tend to take a basic approach that focuses on numbers and compliance, without much room for grey areas or negotiation.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."