Hacking Team: Second zero-day discovered, exploited by APT groups
Last week, Adobe released a new version of Flash to patch a zero-day vulnerability that was revealed as part of the Hacking Team hack. Trend Micro researchers have now found another zero-day vulnerability affecting Adobe Flash that came to light through the Hacking Team attack.
The vulnerability, CVE-2015-5122, could, if abused, result in a crash that would allow an attacker to take control of the vulnerable system. It can affect all recent versions of Flash on Windows, Mac and Linux.
Experts have seen proof-of-concept code, meaning the situation could escalate quickly in the next few days.
In fact, a third zero-day vulnerability in Adobe Flash (CVE-2015-5123) has since been reported by Trend, with proof-of-concept code identified but not yet seen in active attacks or exploit kits. Users are advised to consider disabling Adobe Flash until an update is available, as well as disabling Java.
APT groups have been exploiting the Flash Player in a series of cyber-attacks. These advanced groups of attackers employ opportunistic strategies to exploit it for their own purposes.
The Wekby APT sent victims spear-phishing messages from a spoofed Adobe email address, titled “Important: Flash update”, in an attempt to exploit the news of the release of the patch.
The Sednit APT group is also using the Hacking Team Flash exploit, exposing victims to it in an exploitation chain. If the exploit works, the malware establishes persistence on the victim's machine through a scheduled task that runs with the highest privileges.