Adobe to Patch Hacking Team Zero Day in Flash

[RV_]

The short non technical version:

 

Patch Flash tomorrow without fail.

 

Excerpt:

 

"Adobe tomorrow is expected to release an updated version of Flash Player that will patch a zero-day vulnerability uncovered among the 400 GB of data stolen from Hacking Team.

 

The controversial Italian intrusion and surveillance software vendor was breached and on Sunday, private documents, including internal emails and customer invoices, were leaked. The published loot shows sales to oppressive governments, a practice the company’s marketing material says it did not engage in.

 

Adobe’s advisory, published a short time ago, is short on details other than to say that the vulnerability has likely been publicly exploited. The vulnerability, CVE-2015-5119, affects Flash Player version 18.0.0.194 and earlier for Windows, Macintosh and Linux systems.

 

“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” said the Adobe advisory. The vulnerability was reported to Adobe by researcher Morgan Marquis-Boire and Google Project Zero.

 

Marquis-Boire and Adobe confirmed to Threatpost that the patch will address the Hacking Team zero day.

 

As researchers comb through the hacked documents and data, there are likely to be other unreported flaws in popular software. The Grugq, a security researcher based in Bangkok, said on his Twitter feed that a Windows zero-day is also documented"

 

The whole article with a lot more is here at: https://threatpost.com/adobe-to-patch-hacking-team-zero-day-in-flash/113658#sthash.zH709BTi.dpuf