Adobe to patch Flash 0-Day created by Hacking Team
[See Also: In Pictures: Hacking Team's hack curated]
The Flash exploit was used by Hacking Team for demos, and the version of it leaked to the public only included a simple proof-of-concept that launched calc.exe. However, the exploit kit developers were quick to weaponize it thank to detailed instructions provided by Hacking Team documentation.
Attacks have been observed on both Chrome and Firefox.
"This is one of the fastest documented case of an immediate weaponization in the wild," commented Malwarebytes' Jérôme Segura.
Researchers at Trend Micro also detected the exploit circulating in the wild, but noted that the Hacking Team code leveraged a trick that was first observed during Pwn2Own earlier this year.
Alerted to the issue by privacy advocate and security expert Morgan Marquis-Boire and Google's Project Zero, Adobe listed the issue as critical and said they would release a patch for Flash later today. The vulnerability has been assigned to CVE-2015-5119.
All versions of Adobe Flash Player from 18.0.0.194 and earlier on Windows and OS X are vulnerable.
In addition, Adobe Flash Player Extended Support Release version 13.0.0.296 and earlier 13.x versions are also vulnerable. Adobe Flash Player version 11.2.202.468 and earlier 11.x versions for Linux will need a patch too.