Story image

Symantec: Leaked Flash zero-day likely to be exploited by attackers

08 Jul 2015

Security software firm Symantec have confirmed the existence of a new zero-day vulnerability in Adobe Flash, which could allow attackers to remotely execute code on a targeted computer. 

Symantec says since details of the vulnerability are now publicly available, it is likely attackers will move quickly to exploit it before a patch is issued.

Details of the vulnerability surfaced following a cyberattack against the controversial Italian hackers-for-hire firm Hacking Team. Proof-of-concept code for exploit of the vulnerability was part of a large cache of internal information leaked by the attackers, Symantec explains in a blog post. 

“Given the source of the proof-of-concept code, it is possible that this vulnerability has already been exploited in the wild,” the company writes. “Following its disclosure, it can be expected that groups of attackers will rush to incorporate it into exploit kits before a patch is published by Adobe.”

Analysis by Symantec has confirmed the existence of this vulnerability by replicating the proof-of-concept exploit on the most recent, fully patched version of Adobe Flash (18.0.0.194) with Internet Explorer.

Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected computer.

Adobe has yet to comment on the vulnerability and a patch has not yet been published, Symantec says. “Symantec regards this vulnerability as critical since it could allow attackers to remotely run code on an affected computer, effectively allowing them to take control of it,” it says. 

Symantec says users who are concerned about this issue can temporarily disable Adobe Flash in their web browser.

Apple launches revamped iPad Air & iPad mini
Apple loves tinkering with its existing product lines and coming up with new ways to make things more powerful – and both the iPad Air and iPad mini seem to be no exception.
IntegrationWorks continues expansion with new Brisbane office
The company’s new office space at the Riverside Centre overlooks the Brisbane River and Storey Bridge.
Emerging tech helps savvy SMB’s succeed
A CompTIA report shows SMBs are taking on the challenge of emerging technologies to reach their business goals.
Tech community rocked by deaths of Atta Elayyan and Syed Jahandad Ali
Both men were among the 50 killed in the shooting in Christchurch last Friday when a gunman opened fire at two mosques.
NZ ISPs block internet footage of Christchurch shootings
2degrees, Spark, Vodafone and Vocus are now blocking any website that shows footage of the mosque shootings.
On the road again: How to tackle mileage reporting for business
There may not be too much of a budget for company vehicles in an SMB’s day-to-day business, which means many people are increasingly using their own vehicles for work purposes.
Digital experience managers, get excited for Adobe Summit 2019
“Digital transformation may be a buzzword, but companies are trying to adapt and compete in this changing environment.”
HP extends laptop & workstation recall due to battery fire hazard
HP has extended its worldwide recall of several notebooks and mobile workstations due to the high risk of fire and burn hazards.