In the recent security breach of Hacking Team, in which 400 GB of data was exposed, the leaked data reveals much new and confidential information about the surveillance software firm.
After analyzing the leaked data, experts found that Hacking Team had three software exploits: two target Adobe software and one targets Windows.
Of the two, one of the Flash Player vulnerabilities, a use-after-free vulnerability tracked as CVE-2015-0349, has already been patched. The other is a zero-day that has been present in Adobe Flash for the last four years.
"Symantec has confirmed the existence of a new zero-day vulnerability in Adobe Flash which could allow attackers to remotely execute code on a targeted computer," they wrote in a blog post published Tuesday. "Since details of the vulnerability are now publicly available, it is likely attackers will move quickly to exploit it before a patch is issued."
Researchers found that the PoC for the Adobe Flash zero-day worked successfully on the latest, fully patched version of Adobe Flash (version 18.0.0.194) with Internet Explorer.
So far there is no indication that the vulnerability is being actively exploited, but it may appear in the wild soon.
Adobe officials are aware of the finding and expect to release a fix on Wednesday. Until a fix is installed, readers should consider disabling Flash, particularly when browsing websites they are unfamiliar with.
Moreover, another zero-day exploit targets the Windows kernel. The technical analysis of the exploit leaked from Hacking Team, which is available here, indicates the vulnerability is in every version of Windows since Windows XP. The so-called escalation of privileges exploit could be used in combination with another exploit to increase an attacker's access to a targeted machine.