HackingTeam Data Dump Leads to Adobe Zero Day Discovery
A new zero-day vulnerability in Adobe Flash Player was discovered via a cyberattack against the hackers-for-hire firm Hacking Team. A large amount of internal information leaked by the attackers contained data on the exploit, which could crash a computer and allow a remote attacker to then take control of the machine. Now that the details of the vulnerability are publicly available, there is a good chance attackers will jump on this bug quickly to exploit it before a patch is issued.
Symantec has confirmed the existence of this vulnerability by recreating the exploit on the most recent, fully patched version of Adobe Flash Player (220.127.116.11) with the Internet Explorer browser.
While this exploit has not been seen in the wild yet, this vulnerability is considered critical since it could allow attackers to remotely take control of the affected computer.
*Updated July 8, 2015*
Adobe has reacted quickly to the incident, and has released the patch, which you can now download via their website.
It is important to realize that until users install this patch, the Flash Player will still be vulnerable to attack. In general, it is always best to update any software that has updates available as soon as possible, as they tend to address these types of security holes and more.
*Updated July 13th, 2015*
It looks like there was another Adobe Flash Player vulnerability (CVE-2015-5122) found within the HackingTeam data dump. However, our IPS signature Web Attack: Malicious SWF Download 30 that was pushed out in response to the previous vulnerability does protect against it, which means Norton has you covered. However, the patch that Adobe released last week addressing the previous vulnerability will not protect users against this newly discovered vulnerability. As mentioned below, concerned Adobe users with no security software can disable Adobe until a patch is issued, or they can download the latest version of Norton Security to stay protected.
Norton Intrusion Prevention Signature Actively Protects Against Adobe Vulnerability
If you’re a Norton customer, you have nothing to worry about! As of last night all Norton users were fully protected against this vulnerability. A new Intrusion Prevention Signature was deployed, Web Attack: Malicious SWF Download 30, that detects and blocks exploit attempts to leverage the vulnerability. This signature was rolled out automatically to all Norton customers with no additional action needed. No clicking of ‘OK’ or ‘Apply’ or ‘Restart my system’ is needed. In addition to this new signature, the following Norton IPS signature coverage has already been in place for this attack: Web Attack: Malicious SWF Download 14, Web Attack: Malicious SWF Download 7 and Web Attack: Neutrino Exploit Kit Download 5.
Since Norton does protect against these vulnerabilities, if you have it, you have nothing to worry about! If not you can buy Norton Security here.
If you are still concerned about this bug, you can temporarily disable Adobe Flash Player in your browser by taking the following steps:
Internet Explorer versions 10 and 11
- Open Internet Explorer
- Click on the “Tools” menu, and then click “Manage add-ons”
- Under “Show”, select “All add-ons”
- Select “Shockwave Flash Object” and then click on the “Disable” button
You can re-enable Adobe Flash Player by repeating the same process, selecting “Shockwave Flash Object” and then clicking on the “Enable” button.
If you are using earlier versions of Internet Explorer, instructions are available on Microsoft’s website. Select the version of Internet Explorer you are using at the top right corner.
- Open Firefox
- Open the browser menu and click “Add-ons”
- Select the “Plugins” tab
- Select “Shockwave Flash” and click “Disable”
You can re-enable Flash by repeating the same process, selecting “Shockwave Flash” and then clicking on the “Enable” button.
- Type “chrome://plugins” in the address bar to open the page
- On the Plug-ins page that appears, find the "Flash" listing
- To disable Adobe Flash Player completely, click the "disable" link under its name
- To enable Adobe Flash Player, click the “enable" link under its name