Friday, 03 February 2023

New Flaw found in Flash Player, yes another one.


Although it will not come as a surprise, there seems to be yet another bug in Adobe’s Flash Player that could allow an attacker to take control of a system by forcing a crash of the application. According to TrendMicro, CVE-2015-5123 is a critical bug in the latest version of Flash Player for Linux, Windows, and OS X. Adobe has already released a customer advisory stating that it is aware of this flaw being exploited in the wild.

According to TrendMicro this vulnerability exists in all versions up to and there is no patch for it yet. Adobe has stated that they expect to have a fix for the flaw this week. This new bug comes on the heels of a bug that was found in the Neutrino exploit kit. The first bug was just patched a few days ago and was found in some of the leaked data from the Hacking Team breach. Hacking Team develops and sells malware/spyware to countries and law enforcement.

The breach, which claimed 400GB of sensitive data including source code, was found to be the result of weak passwords. It is something of a joke that a security firm would have weak passwords protecting sensitive data, but we have seen worse cases of bad security behavior in the past. As we wrote a few days ago, we expect to hear about more “fun” things in the data stolen from the Hacking Team in the coming days, and we would not be surprised at all to hear about a few more exploits. After all, one of the things that these companies do is discover flaws in operating systems and applications so their software can do its job…

It is going to get ugly so stay safe out there.

Last modified on Monday, 13 July 2015 06:42
