
HackingTeam Data Dump Leads to Adobe Zero Day Discovery

A new zero-day vulnerability in Adobe Flash Player was discovered via a cyberattack against the hackers-for-hire firm Hacking Team. A large amount of internal information leaked by the attackers contained data on the exploit, which could crash a computer and allow a remote attacker to then take control of the machine. Now that the details of the vulnerability are publicly available, there is a good chance attackers will jump on this bug quickly to exploit it before a patch is issued.

Symantec has confirmed the existence of this vulnerability by recreating the exploit on the most recent, fully patched version of Adobe Flash Player (18.0.0.194) with the Internet Explorer browser.

While this exploit has not been seen in the wild yet, this vulnerability is considered critical since it could allow attackers to remotely take control of the affected computer.

*Updated July 8, 2015*
Adobe has reacted quickly to the incident, and has released the patch, which you can now download via their website.

It is important to realize that until users install this patch, the Flash Player will still be vulnerable to attack. In general, it is always best to update any software that has updates available as soon as possible, as they tend to address these types of security holes and more.

*Updated July 13th, 2015*

It looks like another Adobe Flash Player vulnerability (CVE-2015-5122) was found within the HackingTeam data dump. Our IPS signature Web Attack: Malicious SWF Download 30, which was pushed out in response to the previous vulnerability, does protect against it, which means Norton has you covered. However, the patch that Adobe released last week for the previous vulnerability will not protect users against this newly discovered one. As mentioned below, concerned users with no security software can disable Adobe Flash Player until a patch is issued, or they can download the latest version of Norton Security to stay protected.

Norton Intrusion Prevention Signature Actively Protects Against Adobe Vulnerability

If you’re a Norton customer, you have nothing to worry about! As of last night all Norton users were fully protected against this vulnerability. A new Intrusion Prevention Signature was deployed, Web Attack: Malicious SWF Download 30, that detects and blocks exploit attempts to leverage the vulnerability. This signature was rolled out automatically to all Norton customers with no additional action needed. No clicking of ‘OK’ or ‘Apply’ or ‘Restart my system’ is needed. In addition to this new signature, the following Norton IPS signature coverage has already been in place for this attack: Web Attack: Malicious SWF Download 14, Web Attack: Malicious SWF Download 7 and Web Attack: Neutrino Exploit Kit Download 5.

Since Norton does protect against these vulnerabilities, if you have it, you have nothing to worry about! If not you can buy Norton Security here.


If you are still concerned about this bug, you can temporarily disable Adobe Flash Player in your browser by taking the following steps:

Internet Explorer versions 10 and 11

  1. Open Internet Explorer
  2. Click on the “Tools” menu, and then click “Manage add-ons”
  3. Under “Show”, select “All add-ons”
  4. Select “Shockwave Flash Object” and then click on the “Disable” button

You can re-enable Adobe Flash Player by repeating the same process, selecting “Shockwave Flash Object” and then clicking on the “Enable” button.
If you are using earlier versions of Internet Explorer, instructions are available on Microsoft’s website. Select the version of Internet Explorer you are using at the top right corner.

Firefox

  1. Open Firefox
  2. Open the browser menu and click “Add-ons”
  3. Select the “Plugins” tab
  4. Select “Shockwave Flash” and click “Disable”

You can re-enable Flash by repeating the same process, selecting “Shockwave Flash” and then clicking on the “Enable” button.

Chrome

  1. Type “chrome://plugins” in the address bar to open the Plug-ins page
  2. On the Plug-ins page that appears, find the "Flash" listing
  3. To disable Adobe Flash Player completely, click the "disable" link under its name
  4. To enable Adobe Flash Player, click the "enable" link under its name
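
For anyone checking more than one machine, the following added example (not Symantec's or Adobe's code) sorts reported Flash Player versions against the build numbers that appear on this page and in the comments below. The inventory format, host names and status labels are assumptions made for the illustration.

```python
import re

# Build numbers from this page: 18.0.0.194 and earlier are affected by
# CVE-2015-5119; commenters report updates to 18.0.0.203, then 18.0.0.209.
FIRST_UPDATE = (18, 0, 0, 203)
SECOND_UPDATE = (18, 0, 0, 209)
_VERSION = re.compile(r"(?:^|\s)(\d+)[.,](\d+)[.,](\d+)[.,](\d+)$")

# Constructed sample inventory: host;browser;reported Flash version
SAMPLE = [
    "ws-01;IE 11;18.0.0.194",
    "ws-02;IE 11;18.0.0.203",
    "ws-03;Firefox;18.0.0.209",
    "ws-04;IE 11;WIN 18,0,0,99",
    "ws-05;Chrome;not installed",
]


def parse_version(text):
    """Return four ints from '18.0.0.203' or 'WIN 18,0,0,203', else None."""
    match = _VERSION.search(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Place a reported version relative to the two updates named above."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Tuples compare numerically; as strings '18.0.0.99' > '18.0.0.203'.
    if version < FIRST_UPDATE:
        return "below 18.0.0.203"
    if version < SECOND_UPDATE:
        return "below 18.0.0.209"
    return "18.0.0.209 or later"


def triage(lines):
    """Return {host: status} for hosts that are behind or need a manual check."""
    findings = {}
    for line in lines:
        fields = line.split(";")
        status = classify(fields[2]) if len(fields) == 3 else "unknown"
        if status != "18.0.0.209 or later":
            findings[fields[0]] = status
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts reported as "unknown" are the ones to check by hand, since a missing or unreadable version string says nothing about whether the plugin is present.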

Comments

Kudos1 Stats
Firefox
  1. Open Firefox
  2. Open the browser menu and click “Add-ons”
  3. Select the “Plugins” tab
  4. Select “Shockwave Flash” and click “Disable”

Is Ask to Activate okay to fend off exploit...? 
The options are Ask to Activate / Always Activate / Never Activate

Seek first to understand, then to be understood.
Kudos1 Stats

A Security Advisory (APSA15-03) has been published regarding a critical vulnerability (CVE-2015-5119) in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux.  Adobe is aware of reports that an exploit targeting this vulnerability has been publicly published. Adobe expects to make updates available on July 8, 2015.

https://blogs.adobe.com/psirt/?p=1223

Seek first to understand, then to be understood.
Kudos1 Stats

So that's why things got gummed up, thanks

Kudos0

I have Name:  Shockwave Flash Object   Publisher:  Adobe Systems  Type:  Active X Control   Version: 18.0.0.203            Installed (Updated):  7/9/2015  Is that what you are talking about?

Kudos0

I am already updated to version (18.0.0.203) as of 7/9/2015.  So where do I find the patch?  Or is my version "the patch"?

Kudos0

Yours should be Version: 18.0.0.209. You might wanna go into your browser and hit the tab About Google Chrome; any updates will happen and take effect immediately, no going to sites for any updates. Thanks.

Kudos0

What browser do you use? Google Chrome is simple: all you need to do is select, in the top right corner, About Google Chrome. It opens a new tab and looks for any updates you might need. I have version 18.0.0.209 as of 7/19/2015. I always uncheck the McAfee install too if you go to the actual install link. I never do; I always get the update in Google. Hope it helped.

Kudos0

rwood1948: new patch is due this week....203 fixed earlier hole.  Now, new hole has been found...so, look for yet another patch
https://community.norton.com/en/forums/second-flash-player-zero-day-exploit-found-hacking-teams-data

Seek first to understand, then to be understood.
Kudos0

bjm - Norton Fighter 25 - So now that I already have 203, I will be looking for yet another patch in a few days?  I disabled 3 Adobe add-ons in "Manage Add-ons" - should I enable them now or when the next patch is available? 

Kudos0

Flash update comes to you differently depending on your browser and OS and update preference.  Leave disabled if you don't need. 
Subscribe to this Topic > https://community.norton.com/en/forums/second-flash-player-zero-day-exploit-found-hacking-teams-data
News will be there.....or this Blog.   You may check version and pull new version here. >
http://www.adobe.com/software/flash/about/

Seek first to understand, then to be understood.
Kudos0

bjm Norton Fighter 25 - thanks for your help.  Ruthe 

Kudos0

July 16 I received another download for Adobe Flash Player.  I see it's 18.0.0.209, so I presume that Adobe has patched the second flaw as well.

Kudos0
Pushkin97:

July 16 I received another download for Adobe Flash Player.  I see it's 18.0.0.209, so I presume that Adobe has patched the second flaw as well.

Third Adobe Flash Exploit Found in Hacking Team Data Dump

Current Flash Player version is 18.0.0.209.  This Adobe site will know your installed version and version available at Player Download Center. 
click > http://www.adobe.com/software/flash/about/ Flash Player updates come to your machine depending on your browser n' operating system.
click > https://helpx.adobe.com/flash-player.html There's usually an active Flash Topic on click > Tech Outpost Forum
Seek first to understand, then to be understood.
Kudos0

I'm confused! I get a pop-up box from Norton telling me to update Adobe flashplayer because of this virus. I click on the "more information" box which takes me to this page, where Norton tell me this: If you’re a Norton customer, you have nothing to worry about! As of last night all Norton users were fully protected against this vulnerability. This signature was rolled out automatically to all Norton customers with no additional action needed.  No clicking of ‘OK’ or ‘Apply’ or ‘Restart my system’ is needed.

I paid for the product, and registered it with Norton, and they obviously know I'm a customer. So do I have to update Adobe, or don't  I, and if I don't have to take any action, what is the point of sending me the pop-up box telling me I need to take action and update Adobe?

Kudos0

Raylee - I am not a Norton tech, but I somehow reached this page and in the 6th paragraph (of this page) it says "If you're a Norton customer, you have nothing to worry about blah blah blah" just as you quoted.   I run Windows 7 IE 11 and on or about July 9, 2015 Adobe Flash Player updated to 18.0.0.203 and then again on or about July 15 I updated to 18.0.0.209. As far as I know, I am ok until Adobe informs us another "problem".  As for sending you a pop-up (I received one too), maybe they just wanted to make sure we were updated to the most current version - who knows?  Ruthe

Kudos0

Thanks Ruthe, I see your point. Having experienced problems with updates in the past, even from reliable sources, that have messed with my system, resulting in hours of having to uninstall, re-install, and clean up my computer, or having to do a system restore, has made me reluctant to want to upgrade anything, despite knowing I should. But you're right - they probably do just have our best interests at heart.

Kudos0

Why not consider disabling Adobe Flash Player permanently?

How to disable Flash Player: Why now's a better time than ever

Kudos0

The article is redundant. Symantec is telling you to download the Adobe patch, but then in the next paragraph they tell you that it does not work. What is up with that?

*Updated July 8, 2015*
Adobe has reacted quickly to the incident, and has released the patch, which you can now download via their website.

It is important to realize that until users install this patch, the Flash Player will still be vulnerable to attack. In general, it is always best to update any software that has updates available as soon as possible, as they tend to address these types of security holes and more.

It looks like there was another Adobe Flash Player vulnerability (CVE-2015-5122) found within the HackingTeam data dump. However, our IPS signature Web Attack: Malicious SWF Download 30 that was pushed out in response to the previous vulnerability does protect against it, which means Norton has you covered. However, the patch that Adobe released last week addressing the previous vulnerability will not protect users against this newly discovered vulnerability.

Kudos0

You can have the updated version and you will still see the ad inject; even if you have an ad blocker it will still pop up. I never ever click on anything I don't know or I know is updated. Even safe sites can be duplicated. There is another ad injection that you will see: it will open a new tab saying you have a virus, call 1-800-blah-blah-blah, and you can't even close the tab out. Be careful surfing for untrustworthy sites; when I ran into it I said this is the new thing, I suppose. Hackers will call acting like they're Microsoft and you will fall for it, especially when they tell you your PC make or laptop make. Always hang up immediately. I have a screenshot of 1 ad inject they place on sites with an image & it will redirect you to dooms day; never click on them, thanks. If an update needs to happen, check the tab in your Google Chrome in the top right, you'll see ABOUT GOOGLE CHROME; any updates will happen if your Adobe player is outdated, no surfing to any site that's unsafe. Have a great day!! I had Norton for 5 years now and love them; I never had issues.

Kudos0
douglas035:  1 ad inject they place on sites with an image & it will redirect you to dooms day  never click on them thanks.

So, if no clicky.  How do you get rid of ad inject...? 

Seek first to understand, then to be understood.
Kudos0

You can just click the close tab before it opens. I use Private Internet Access; they're beautiful when it comes to protecting your identity. If you go to Google's add-ons and install something other than ad blocker, it will stop, not all the time though. You should always close the tab before it opens; don't let it open.

Kudos0

douglas035 - you mentioned "private internet access" - what exactly is that?  Or is it not a thing? (sorry for the lack of internet knowledge).  Also, I got bitten by the ad injectors on 7/2/15 - I had a web page opened and all of a sudden it was taken over by some "hacker" saying (with audio) that I could have a virus or something could be harming me right now if I didn't call 800-xxx-xxxx - I couldn't close the window, I couldn't do anything and that annoying audio voice repeating over and over what was written on the now invaded web page - it was driving me crazy!!  Anyway, there really is no way to block all of the hacker attempts - that's what you are saying, right?  If there is a way, let me know please.  Ruthe   

Kudos0

douglas035 - what Norton product do you use?  And what do you think is the best?  I have Norton 360 and it is almost time for me to renew, so any advice would be helpful.  Thanks.  Ruthe

Kudos0

Hi

Norton's just flashed up this link, and after checking my Firefox plugins, which gives NO update NOW message.

I was wondering if my SHOCKWAVE FLASH 18.0.0.209 VERSION IS SAFE TO USE. I've disabled it just in case.

Thanks..
 

Kudos0

It would be nice if you included the number of the fully patched version, just for those of us who can't figure it out for ourselves.

I have 18.0.0.209, which, I think, is the latest fully-patched version for IE 11.

Apparently I don't have Shockwave Flash installed in my Maxthon Browser.

Thanks for the warnings.

KrazyOldMan

Kudos0