Two further critical Flash zero-day vulnerabilities have been found, thanks to leaked data from the Hacking Team breach. All current versions of Flash are impacted. Here to comment on this news are security experts from Tripwire.
Tim Erlin, Director of IT Security and Risk Strategy, Tripwire :
“If Hacking Team had these exploits, and was keeping them unpublished, then it’s likely other hacking organizations did as well.
The real challenge with these ‘zero-day’ vulnerabilities is that we know they’ve been available and used by a smaller community already, which means that attackers may have already exploited them and gained a foothold inside.
Organizations need to scramble to apply fixes, but how does an organization increase their efforts to find exiting breaches? Most organizations can’t just ‘look harder’ at their network and systems. If you’ve already turned the intrusion detection dial up as high as it goes, you have to find a different dial to adjust.”
Ken Westin, Senior Security Analyst, Tripwire :
Yet another zero-day Flash exploit has been found in the massive data dump that is the result of a major compromise of Italian espionage software maker Hacking Team. Vulnerabilities CVE-2015-5122 and CVE-2015-5123 are similar to the previous Flash vulnerability (CVE-2015-5119 ) found in the Hacking Team arsenal CVE-2015-5119, however there is currently no patch available for it. Adobe has promised to release a patch on July 12th for these two critical vulnerabilities:
Critical vulnerabilities (CVE-2015-5122, CVE-2015-5123) have been identified in Adobe Flash Player 18.104.22.168 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that exploits targeting these vulnerabilities have been published publicly. Adobe expects to make updates available during the week of July 12, 2015.
The vulnerability itself was discovered as the result of an active exploit that is now in the wild. This family of new zero-day Flash exploits have already been seen active as part of APT campaigns against corporations and government agencies. It is recommended that users and businesses either remove Flash from their browsers, or configure browsers to only run Flash in “click to play” mode, as well as patch systems immediately once an update is made available.[su_box title=”About Tripwire” style=”noise” box_color=”#336588″]Tripwire, Inc., a global provider of risk-based security and compliance management solutions, today announced Tripwire® Enterprise™ version 8.3 featuring a new, stand-alone Policy Manager™. Tripwire Policy Manager provides the detailed visibility into system configurations critical to minimizing security risks and ensuring compliance.[/su_box]