Security analysts and online criminals are locked in a furious arms race
following the release of an enormous cache of data belonging to Hacking
Team, the controversial Italian surveillance software vendor. It
came to light last week that Hacking Team had
unearthed a vulnerability
in Adobe's popular Flash browser plugin and had potentially been
exploiting it to attack computers for an unknown length of time. Once
made public, attackers raced to exploit it themselves, and Adobe was
forced to respond with a patch within days.

A second, equally dangerous vulnerability has now come to light from the Hacking Team
data. Security firm FireEye reported the discovery to Adobe, which has confirmed that it affects
even the latest versions of Flash. Adobe has classified it as critical
but has only committed to releasing an update "during the week of July
12, 2015".

Users are advised to disable Flash Player altogether
until Adobe releases an update, and to install updates only from
trusted sources such as Adobe's own website. Bogus emails and Web
advertisements designed to scare users into downloading a fake patch or
fix are also likely to pop up.

In Google Chrome, type
'chrome://plugins' into the address bar and hit Enter. Find the entry
for Flash and click disable. Firefox users need to click 'Add-ons' in
the browser menu and disable Shockwave Flash on the Plugins tab.
Internet Explorer users should click 'Tools > Manage Add-ons' and
disable Shockwave Flash Object in the All Add-ons list. The steps need
to be taken for each Web browser a user has installed.

Such security holes allow attackers to remotely execute code on computers,
potentially infecting them with malware and stealing private data. It is
possible that Hacking Team used them to plant its own clandestine
surveillance software on target machines without the knowledge or
consent of their users.

It is certain that criminals will begin
exploiting the newly discovered flaw. As PC World reports, it did not
take more than 24 hours for the previously discovered vulnerability to
show up in commercial exploit kits, which are sold in black markets and
used by those who want to distribute malware but lack the skill or
resources to develop their own backdoors.

Hacking Team has advised its clients to stop using its software now that its own source code has been released. It also now says the attack was
likely carried out with government backing, due to its scope and the resources that were needed to pull it off.