Adobe has posted a Security Bulletin CVE-2015-5119 today, alerting all the users of a security glitch in the Adobe Flash player, which exposes the user machine to hackers. Adobe says that they are already working on a patch to close the hole.
The security loophole allows malicious attackers to execute code on a victim’s machine through a website and affects Windows, OS X, and Linux, and can be used against browsers like IE, Firefox, Chrome, and Safari.
Users do not need to be overly concerned about this vulnerability at this time, as an active attack has not yet been spotted in the wild. We will update this post with more information and advice if it becomes necessary at a later time.
security provider Trend Micro wrote.
The vulnerability was discovered when well-know security researcher Brian Krebs of Trend Micro found a document, glutted among the massive amount of data leaked during the recent hacking of the infamous hacker group, The Hacking Team.
The proof-of-concept attack described by the Hacking Team can open the Calculator in Windows and OS X and a more dangerous version was also available in the team documentation. The document described the “most beautiful Flash bug for the last four years” and included a proof-of-concept for exploiting the hole and writing to memory.
Hacker Team appears to have used this hole to install its own exploit kits and monitor or remotely control PCs. Hacker Team is a known hacker group from Italy which apparently assists governments of countries such as Saudi Arabia, Oman, Sudan, Egypt, Lebanon, Russia, the US, and others, plus various private organizations, to hack digital devices and monitor the digital activates of people.
On the other hand, there is a second vulnerability found in the documents of Hacker Team which affects an Adobe font driver in Windows known as atmfd.dll. All 32-bit and 64-bit versions of Windows are affected from Windows XP through to Windows 8.1, according to researchers. The flaw lets the attackers elevate their privileges on a machine to administrator level. Combined with the Adobe Flash exploit, it’s a powerful way to hijack a PC.
We believe the overall risk for customers is limited, as this vulnerability could not, on its own, allow an adversary to take control of a machine.
says a Microsoft spokesperson.
We encourage customers to apply the Adobe update and are working on a fix.
Adobe is set to offer the patch by today and until that it is advisable to disable Flash while using your computer to avoid any malicious hacker attack.