We recently heard of Hacking Team, an Italian company that sells intrusion and surveillance tools to governments and law enforcement agencies. This has earned the company criticism rather than praise: it has been lambasted by privacy and human rights organizations, and it has been accused of selling its tools and services to governments known for violent oppression.
What caught the public's attention is that this company was itself hacked. The attackers released roughly 400GB of internal documents, source code and email communications, distributed to the public at large as a torrent file (see Definition).
The leak included the tools Hacking Team supplied to its customers to carry out attacks, among them several working exploits targeting Adobe Flash Player and Windows itself. Only after the leak did Adobe publicly report the Flash flaw. The vulnerability affects Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux. Adobe said that successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.
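Adobe's wording, "18.0.0.194 and earlier", is the bound an administrator has to apply to every Flash installation in the estate. The example below is added here and is not part of the original advisory or Adobe's tooling: it turns that bound into a triage over a constructed inventory (hostnames and version strings are made up for the example) and avoids the classic mistake of comparing dotted version strings lexicographically, where an ancient "9.0.280.0" sorts after "18.0.0.194". It assumes Flash reports purely numeric dotted versions and treats any missing trailing fields as zero.

```python
# Affected bound quoted from the advisory: this version and everything earlier.
AFFECTED_MAX = "18.0.0.194"

# Constructed inventory for the example: hostname -> reported Flash version (None = not installed).
SAMPLE_INVENTORY = {
    "ws-finance-01": "18.0.0.194",   # exactly the last affected build
    "ws-finance-02": "18.0.0.203",   # a later build (constructed sample)
    "ws-legacy-07": "9.0.280.0",     # old Flash 9; string comparison would call this "newer"
    "srv-build-03": None,            # no Flash installed
    "ws-hr-11": "17.0.0.188",
}


def parse_version(text):
    """Turn '18.0.0.194' into (18, 0, 0, 194) so comparisons are numeric field by field.

    Shorter strings such as '18.0' are padded with zeros (an assumption made here).
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed Flash version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def is_affected(version, affected_max=AFFECTED_MAX):
    """True if the installed version is the affected build or anything earlier."""
    return parse_version(version) <= parse_version(affected_max)


def triage(inventory, affected_max=AFFECTED_MAX):
    """Classify each host as 'affected', 'not affected' or 'no flash'."""
    result = {}
    for host, version in inventory.items():
        if version is None:
            result[host] = "no flash"
        elif is_affected(version, affected_max):
            result[host] = "affected"
        else:
            result[host] = "not affected"
    return result


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:15} {SAMPLE_INVENTORY[host] or '-':12} {status}")
```

Feed it whatever your endpoint management reports as the Flash Player version; hosts that come back "affected" are the ones to patch or, per the recommendation below, to strip Flash from entirely.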
Several reports on Twitter said the exploit could be used to bypass Google Chrome’s protective “sandbox” (see Definition). Google has confirmed that attackers could escape the Chrome sandbox by chaining the Flash exploit with another Windows vulnerability that appears to be unpatched at this time. Google is, however, preparing a fix for Chrome users.
Trend Micro has reported evidence that the exploit is being used in active attacks, though it also said that users need not be overly concerned at this time. Either way, it is better to be safe than sorry: patch as soon as the fix is available.
This attack is further proof that Adobe Flash Player is a prime target for exploitation across commercial and consumer IT systems. This is the seventh time in as many months that Adobe has had to issue an emergency update to fix a zero-day flaw in Flash Player that attackers were already targeting. (The last update was on June 23, reported in the Extol Advisory of June 24.)
Recommendation
Removing Adobe Flash Player altogether, if you do not really need it, is the surest way to avoid being hit by this exploit. If you must keep it, apply Adobe's fix as soon as it is available.
Definition
1. Torrent file – a torrent file is a computer file containing metadata about the files and folders to be distributed. It does not contain the content itself, only information about those files, such as their names, sizes and folder structure, together with cryptographic hash values that let the recipient verify the integrity of each piece as it is downloaded.
2. Sandbox – in software development, a testing environment that isolates untested code, changes and experiments from the production environment. In this report, the term refers to Chrome's security feature of running the Flash plugin in a restricted process with reduced privileges, so that an exploit of a Flash vulnerability should be contained and should not gain control of the rest of the system. Bypassing the sandbox means escaping that containment, which is what the leaked exploit achieves when combined with the unpatched Windows vulnerability mentioned above.
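To make definition 1 concrete, here is an added example (not part of the original advisory, and not Hacking Team's or the attackers' code) that parses the bencode format a .torrent file is written in, computes the info hash that identifies a torrent on the network, and checks a downloaded file against the per-piece SHA-1 values in the metadata. The sample content, file name and tracker URL are constructed for the example; nothing here is taken from the leaked data.

```python
import hashlib

# Constructed sample content for this example (not data from the leak).
PIECE_LENGTH = 16
FILE_CONTENT = b"Extol Advisory sample payload for torrent hash checks"  # 53 bytes -> 4 pieces


def bencode(obj):
    """Encode ints, byte strings, lists and dicts in the bencode format used by .torrent files."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        # Keys must be byte strings in sorted order; that is what makes the encoding canonical
        # and therefore what makes the info hash reproducible.
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in sorted(obj.items())) + b"e"
    raise TypeError(f"cannot bencode {type(obj).__name__}")


def bdecode(data):
    """Decode one bencoded value; rejects trailing bytes so nothing can be smuggled after it."""
    value, end = _bdecode_at(data, 0)
    if end != len(data):
        raise ValueError("trailing data after bencoded value")
    return value


def _bdecode_at(data, i):
    c = data[i:i + 1]
    if c == b"i":
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c == b"l":
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = _bdecode_at(data, i)
            items.append(item)
        return items, i + 1
    if c == b"d":
        result, i = {}, i + 1
        while data[i:i + 1] != b"e":
            key, i = _bdecode_at(data, i)
            if not isinstance(key, bytes):
                raise ValueError("dictionary key must be a byte string")
            result[key], i = _bdecode_at(data, i)
        return result, i + 1
    if c.isdigit():
        colon = data.index(b":", i)
        length = int(data[i:colon])
        start = colon + 1
        if start + length > len(data):
            raise ValueError("string length runs past end of data")
        return data[start:start + length], start + length
    raise ValueError(f"unexpected byte {c!r} at offset {i}")


def piece_hashes(content, piece_length):
    """Concatenated 20-byte SHA-1 digests, one per piece, as stored in the 'pieces' field."""
    return b"".join(hashlib.sha1(content[i:i + piece_length]).digest()
                    for i in range(0, len(content), piece_length))


def build_torrent(name, content, piece_length, announce=b"http://tracker.example.invalid/announce"):
    """Build a single-file .torrent; only metadata goes in, never the content itself."""
    info = {b"name": name, b"length": len(content),
            b"piece length": piece_length, b"pieces": piece_hashes(content, piece_length)}
    return bencode({b"announce": announce, b"info": info})


def info_hash(torrent_bytes):
    """SHA-1 over the bencoded 'info' dict: the identifier peers use; the tracker URL is not part of it."""
    return hashlib.sha1(bencode(bdecode(torrent_bytes)[b"info"])).hexdigest()


def bad_pieces(torrent_bytes, content):
    """Indices of pieces whose SHA-1 does not match the metadata (empty list means all pieces verify)."""
    info = bdecode(torrent_bytes)[b"info"]
    plen, hashes = info[b"piece length"], info[b"pieces"]
    if len(hashes) % 20:
        raise ValueError("'pieces' must be a concatenation of 20-byte SHA-1 digests")
    bad = []
    for idx in range(len(hashes) // 20):
        expected = hashes[idx * 20:(idx + 1) * 20]
        actual = hashlib.sha1(content[idx * plen:(idx + 1) * plen]).digest()
        if actual != expected:
            bad.append(idx)
    return bad


def content_matches(torrent_bytes, content):
    """True only if both the declared length and every piece hash agree with the metadata."""
    info = bdecode(torrent_bytes)[b"info"]
    return len(content) == info[b"length"] and not bad_pieces(torrent_bytes, content)


if __name__ == "__main__":
    torrent = build_torrent(b"sample.txt", FILE_CONTENT, PIECE_LENGTH)
    print("info hash:", info_hash(torrent))
    tampered = bytearray(FILE_CONTENT)
    tampered[20] ^= 0x01  # flip one bit inside piece 1
    print("bad pieces after tampering:", bad_pieces(torrent, bytes(tampered)))
```

The point for anyone handling a leak like this one: the .torrent tells you what you should receive and lets you prove, piece by piece, that what you got was not altered in transit, but it says nothing about whether the content is safe to open. Leaked archives of exploit code should be handled on isolated analysis systems regardless of how cleanly they verify.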
Source
1. Krebs On Security.
2. CSO Online.
3. Trend Micro.