
Another Adobe Flash exploit found after Hacking Team breach

Did you install an Adobe Flash Player update in the past few days? Get ready, you’ll have to do another one.

Adobe said late Friday that a critical zero-day vulnerability (CVE-2015-5122) has been identified in Flash Player 18.0.0.204 and earlier versions for Windows, Macintosh and Linux, which could cause a crash and potentially allow an attacker to take control of the affected system. It will be patched sometime the week of July 12.

Last week’s vulnerability and the new one are linked to data released by attackers who plundered the Italian-based security vendor Hacking Team, which sells solutions to law enforcement and intelligence agencies, according to FireEye. The first, CVE-2015-5119, was quickly adopted by multiple attacking groups and has already been used in widespread attacks.

The new bug, CVE-2015-5122, is a use-after-free vulnerability in DisplayObject.opaqueBackground that exists in Flash Player versions 9 to 18.0.0.203. Briefly, an authenticated attacker could corrupt a computer’s memory and execute arbitrary code. According to Carnegie Mellon’s CERT, attackers leveraging this exploit typically would entice a user to visit a Web site containing specially-crafted Flash content, or to open a specially-crafted Microsoft Office document.

[UPDATE: Trend Micro says a third zero-day Flash vulnerability used by Hacking Team, CVE-2015-5123, has been discovered.]

Last weekend hackers released a 400GB Torrent file with internal documents, source code and email communications taken from Hacking Team. The database suggested the company’s customers include the FBI, the U.S. Drug Enforcement Agency, the Australian federal police and many agencies in Mexico, as well as Egypt, Ethiopia, Morocco, Malaysia, Saudi Arabia and the United Arab Emirates.

In March the University of Toronto’s Citizen Lab sent an open letter to Hacking Team alleging a customer had misused or abused the company’s systems and solutions against journalists at the Ethiopian Satellite Television Service (ESAT) in the United States, who it says were again targeted in late 2014. Last summer Citizen Lab, which is part of the Munk School of Global Affairs and examines the use of technology on human rights and global security, attributed an Android malware implant seen in Saudi Arabia to Hacking Team.

The vulnerabilities are another reminder to CISOs that they have to think carefully about their Flash strategy: keep patching, or enable the Player’s click-to-play option so users have to think every time they want to use the plug-in.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
