Earlier this week, Hacking Team a big company itself was hacked. Over 400-500GBs of data were leaked to the entire internet! The company sells it's 0days to whatever government wants to buy. They have stated multiple times in the past that they do not sell their 0days to 'oppressive countries'.
The leak includes that they provided 0days to companies/countries so they can spy on their citizens. However, with this being said, Flash Player was a huge target for them as almost everybody in the world uses Flash Player for whatever reason.
The dump includes two 0days for Flash Player and one for Windows. The Flash Team has already patched one of them, though.
Hacking Team seemed to be very... Conceited might be the correct word. They stated that the vulnerability was "the most beautiful Flash bug for the last four years.' Which sounds pretty conceited to me...
However, while the Flash 0day is completely amazing, it is not really 'The most beautiful' as multiple other 0days use the same way to exploit Flash!
Now...Around this time... You're most probably worried that you might be getting exploited because you use Flash... But the truth is... While some intelligent hackers have already spotted how to exploit this.... The chances of you being exploited by this vulnerability are very low as it is not global yet! But, it will most probably be in a few days/weeks. I wouldn't give it long...
Anyways... I will be showing you how the bug was found and exploited in the next post! For now... Stay safe!
Regards,
Over Flow (OF)
6 Responses
Thanks for the info! :)
No problem! :)
I'd like to know how to exploit that so-called beautiful bug, if possible.
Experiment. If you can't get it on your own, then you can look it up. But believe me, you'll feel a lot better if you figure it out by yourself. :)
Solution: DON'T use Flash.
Is it now clear enough?
Even Google has disabled it from Chrome (but can be re-enabled via the flags). I'm expecting Mozilla to do the same for Firefox soon too.
Share Your Thoughts