EUROPEAN UNION | COOKIES

Notice to visitors generally and to European Union Visitors, in particular. European Union requires that websites alert visitors if cookies are used. This website may use cookies (including third party cookies). Cookies are temporary files stored in your web browser. More info: Google Privacy Info.
Please consent to site cookies, where indicated. If you do not agree with these terms, please exit this site. Happy travels.
NOTE: unable to get cookies widget script to function in this template - hence no 'consent' button.
Please exist if you do not consent to cookies.

Pages

Wednesday, 15 July 2015

Adobe Flash Player - Full of Holes: Zero-Day Exploits x3 - Leaked from Hacking Team Cache

Third Adobe Flash zero-day exploit (CVE-2015-5123) leaked from Hacking Team cache

Exploits continue to leak from the Hacking Team breach, as the latest unpatched Adobe Flash Player bug comes from the stolen cache.
http://www.symantec.com/connect/blogs/third-adobe-flash-zero-day-exploit-cve-2015-5123-leaked-hacking-team-cache

*latest vulnerability (CVE-2015-5123) / patch to follow
*related vulnerability (CVE-2015-5122)
= bugs affect newest versions of Adobe Flash Player (18.0.0.203) running on Windows & Mac OS X computers 
= also affect:  Adobe Flash Player (18.0.0.204) on Linux-based computers running Google Chrome web browser
* likely risk of vulnerability use in cyberattacks next few days / disable adobe flash player
MORE 
(CVE-2015-5122)
**vulnerability can be successfully exploited with the leaked proof-of-concept (PoC) code on the most recent version of Adobe Flash Player (18.0.0.203) in Internet Explorer. A successful exploitation could cause a crash and potentially allow an attacker to compromise the affected computer.  [*
**may be possible that this vulnerability has previously been exploited in the wild in limited attacks, because the details of the vulnerability are now publicly available, attackers will likely incorporate the exploit into the exploit kits in the coming days. [*
---------------------
 COMMENT
Modzilla Firefox automatically disables the Adobe Flash, which is lucky, as it wouldn't have occurred to me to manually do that for protection.

What I don't understand is how it all works.
It looks like hackers have tools (exploit kits) and whenever something new becomes public, it must become the tool to use until the patch comes in.

Having trouble finding out what 'proof of concept code' is, but I think it is just code that shows a how to break into systems given a specific vulnerability.

In the case of Microsoft, a number of security companies get advance warnings of exploits, by way of advance patch notifications.  Notification is issued ahead of release to give security companies time to "prioritize and test the fixes before installing them." [***]
In 2012, it was one of these security companies that leaked "proof-of-concept" code. [***]
Here's the coolest bit:  
Once the patches come out, hackers can reverse-engineer them to figure out what problems they solve, then produce tools to break into unpatched systems. [***]  
So the most vulnerable time would be just after the patches come out, if people haven't installed patches.

Looks like individuals who find flaws:
*submitted findings & proof-of-concept to a security group 
*security group tests & vets the research
*security group then submits the proof of concept / findings to the software developer.
*software developer makes a patch
*hackers reverse engineer patch

That satisfies my curiosity to a degree, but I'm still curious how it actually works.


Posted by at
Labels: , , , , , ,