Skip to main content

Second zero-day flaw found in Adobe Flash thanks to Hacking Team

posted onJuly 13, 2015
by l33tdawg
Credit:

Earlier this week an exploit for Adobe Flash was revealed -- a shock, I know. Now a second is in the wild and already being used. Known by the catchy name CVE-2015-5122, security firm FireEye discovered the flaw buried in the Hacking Team leak and alerted Adobe to it.

Adobe has released a security bulletin stating "Critical vulnerabilities (CVE-2015-5122, CVE-2015-5123) have been identified in Adobe Flash Player 18.0.0.204 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system".

The company categorizes this flaw as "critical". FireEye points out that "The CVE-2015-5122 PoC is well written like the previous PoC for CVE-2015-5119 by the same author. The PoC also uses similar constructs for exploiting the Use-After-Free vulnerability in DisplayObject opaqueBackground".

Source

Tags

Adobe Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th