Threat of the month: Zero-day

Zero-day
Zero-day

What is it?

A trove of zero-day exploits has surfaced after the compromise of the infamous “Hacking Team.” Researchers have uncovered working exploits for Adobe Flash, Microsoft Windows and Internet Explorer. Recent discoveries found within the data stolen from “Hacking Team” include: OpenType Font (CVE-2015-2426); Adobe Type Manager (CVE-2015-2387); Adobe Flash (CVE-2015-5119, CVE-2015-5122, CVE-2015-5123); Microsoft Internet Explorer (CVE-2015-2425).

 

How does it work?

Since zero-days target vulnerabilities in software without existing patches, they are often secretly held by attackers and used in targeted attacks.

 

Should I be worried?

Many Adobe Flash exploits have already found their way into known exploit toolkits. Therefore, this is a much larger-scale threat and makes exploitation far more likely. 

 

How can I prevent it?

Patch now. Adobe and Microsoft have issued patches for many of the exploits found within the leaked documents. 

 

– John Kuhn, senior security threat researcher, IBM Security