Adobe Closing Flash Hole After Hacking Team Leak

Adobe Systems

Adobe is working to fix a vulnerability in its Flash software which only came to light following the security breach at Hacking Team.

Hacking Team provides cyber surveillance software to government intelligence agencies around the world, but was itself the victim of a cyber attack this week. Among the data stolen from company networks was information related to a flaw with Adobe Flash software, writes Chris Foxx for The BBC.

Stolen information posted online

Hackers stole data from the Italian firm on Sunday, and posted some of it online. Among the information was data related to a security flaw with Flash player, which Hacking Team had not yet told Adobe about.

According to one security blog, hackers “immediately weaponized” the bug. “This is one of the fastest documented cases of an immediate weaponization in the wild, possibly thanks to the detailed instructions left by the Hacking Team,” wrote Jerome Segura from Malwarebytes.

In total, 400GB of stolen data ended up online. The security flaw was described as “the most beautiful Flash bug for the last four years” by Hacking Team, and it was quickly put to use by other hackers.

Three hacking kits related to the bug have already been published by cyber attackers, according to security software company Trend Micro, and it seems strange that Hacking Team would not have immediately informed Adobe about the discovery of such a flaw.

Hacking Team withheld information from Adobe

Bharat Mistry, cybersecurity expert at Trend Micro, criticized Hacking Team for its actions. “When you know the severity of a flaw, there’s a duty to disclose it to the software vendor,” he said.

“Maybe they saw this as an avenue they could use for their own purposes and wanted to keep it under wraps. But Flash has a big presence on the web. There is mass potential for this bug to be exploited by criminals,” continued Mistry.

A huge number of computer users run Adobe Flash software, and the flaw was a serious one. Adobe has since confirmed that the bug could “cause a crash and potentially allow an attacker to take control of the affected system.”

The flaw is present in Flash and earlier versions for Windows, Macintosh and Linux operating systems. Adobe has reassured users that a patch will be released this Wednesday to close the security breach.

As if it was not embarrassing enough for Hacking Team to fall victim to a cyber attack, it appears that the company was withholding important security information.

For exclusive info on hedge funds and the latest news from value investing world at only a few dollars a month check out ValueWalk Premium right here.

Multiple people interested? Check out our new corporate plan right here (We are currently offering a major discount)

About the Author

Brendan Byrne
While studying economics, Brendan found himself comfortably falling down the rabbit hole of restaurant work, ultimately opening a consulting business and working as a private wine buyer. On a whim, he moved to China, and in his first week following a triumphant pub quiz victory, he found himself bleeding on the floor based on his arrogance. The same man who put him there offered him a job lecturing for the University of Wales in various sister universities throughout the Middle Kingdom. While primarily lecturing in descriptive and comparative statistics, Brendan simultaneously earned an Msc in Banking and International Finance from the University of Wales-Bangor. He's presently doing something he hates, respecting French people. Well, two, his wife and her mother in the lovely town of Antigua, Guatemala. To contact Brendan or give him an exclusive, please contact him at [email protected]

Be the first to comment on "Adobe Closing Flash Hole After Hacking Team Leak"

Leave a comment