We concluded in a previous blog that we expected a lot more to come out of the 400GB cache of stolen data from the Hacking Team breach. Sure enough, yet another exploit for a previously unknown Flash Player vulnerability has found its way into the public domain, making this the third zero-day exploit to come from the stolen data cache. Details of this latest vulnerability (CVE-2015-5123) emerged late last week and Adobe promptly released a security bulletin to acknowledge it over the weekend, stating that a patch will follow this week.
This latest vulnerability is rated as critical, potentially allowing for remote code execution, and comes hot on the heels of another related vulnerability (CVE-2015-5122) from the Hacking Team breach. Both of these bugs affect the newest versions of the Adobe Flash Player (18.104.22.168) running on Windows and Mac OS X computers as well as Adobe Flash Player (22.214.171.124) on Linux-based computers running the Google Chrome web browser.
The fallout from the Hacking Team breach continues to impact many users worldwide. Symantec Security Response will continue to monitor the Hacking Team breach for further developments and act as necessary to provide protection.
Due to the serious nature of this vulnerability and the likely risk of its use in cyberattacks in the coming days, we recommend that users disable Adobe Flash Player in their browsers until the issue is patched. Steps on how to turn off Adobe Flash Player in web browsers can be found in our previous blog.
Symantec and Norton products detect malicious code attempting to exploit the recent Flash Player zero-day vulnerabilities as follows:
Update – July 14, 2015:
Adobe has released security updates for Adobe Flash Player for Windows, Mac OS X, and Linux to address this critical Adobe Flash Player ActionScript 3 BitmapData Use After Free Remote Memory Corruption Vulnerability (CVE-2015-5123), along with the second vulnerability related to the Hacking Team breach, Adobe Flash Player Use After Free Remote Memory Corruption Vulnerability (CVE-2015-5122). Adobe added that it is aware of reports that exploits targeting these vulnerabilities have been published publicly.