
Adobe Flash Player Zero-Day Threats Show Up in Hacking Team’s Report


Shocking news just in: source code that Hacking Team kept closely guarded was stolen and published online, together with some major software “secrets”. These security holes are the perfect window for planting malware on a home computer. The malicious code installs monitoring tools that spy on the user’s actions and can control the home device remotely.

Adobe Flash Threat

Based on several analyses, the leaked source code can also be used against Firefox, Chrome, Safari and, ultimately, Flash Player 9. The proof of concept opens calc.exe on Windows when a malicious Flash file from the internet is loaded, which then runs the code on the computer. According to Hacking Team, the code is “the most beautiful Flash bug for the last four years”. Adobe has set a fix in motion, but until it arrives you should know that this threat affects the plug-in software on OS X, Linux and Windows.

This threat is known as CVE-2015-5119 and affects Adobe Flash Player and earlier versions for Windows, Macintosh and Linux. If cyber criminals know how to exploit this hole well enough, the whole system can and will be compromised.

According to Trend Micro, these ‘assailants’ write arbitrary bytes into memory, which allows a malicious Flash file to issue commands that instruct the Windows kernel to write code that then runs amok in your system. It is clear that cyber criminals already have hold of this and will soon use it.

In the meantime, a second zero-day has been discovered in the Hacking Team source code: a flaw in atmfd.dll, the Adobe font driver that runs at kernel level in the Windows OS. Attention: this is not the same flaw that Microsoft disclosed back in March (remember MS15-021? This is not that one).

This particular hole affects 32-bit and 64-bit Windows, from Windows XP to Windows 8.1.

This threat can also be used to elevate the cyber criminal’s rights and privileges to administrator level, meaning a lot more damage can be done. What is even worse is that it can be chained with the Flash zero-day mentioned above: the Flash bug first runs the code as an ordinary user, and the font driver bug then grants full access, leaving the system thoroughly compromised.

How does it work?

This specific flaw is triggered by loading an OTF font file and abusing a programming interface in atmfd.dll, which allows the kernel memory to be read and written. High-privilege security elements are then copied and the privileges are elevated. Of course, this also bypasses other protections such as SMEP. However, according to several sources, the sandbox built into Google Chrome successfully stops this attack.

Solution: make sure your software is up to date and, of course, always install it solely from official sources. If you follow these basic recommendations, you should stay clear of such malicious infections.