
Symantec Claims Zero Day Flash Vulnerability Likely to be Exploited

by Alex Blewitt on Jul 08, 2015

In a report published yesterday, Symantec confirmed that the zero-day Flash vulnerability exposed by the breach of Hacking Team yesterday is remotely exploitable, and warned that zero-day attacks may occur as a result. The analysis of the vulnerability indicates that a fully-patched Flash installation is remotely exploitable by loading a vulnerable or specially crafted file.

Such zero-day attacks are fairly rare; typically, vulnerabilities are reported using 'responsible disclosure', where the details of the bug aren't made publicly available until after the code has been fixed and an update published. In the case of Adobe Flash, this typically happens on a monthly basis, with the next update ordinarily expected in the near future. However, this vulnerability wasn't reported, and was being used by Hacking Team to provide remote exploits.

Hacking Team were themselves hacked yesterday, and the breach exposed information about the Flash bugs now in the wild. When such a bug is released publicly and no patch is available, there is a race against time for the providers of the software to fix the bug and release a patch.

In the meantime, Symantec recommends disabling Flash and provides instructions for doing so. Since Chrome ships with Flash enabled by default, users of Chrome browsers may be vulnerable without knowing it, especially if they've never knowingly installed Flash before.


Firefox by Cameron Purdy

Under the "Tools", "Add-Ons", choose "Plugins" on the left, and set all of the Plugins (except H264) to "Ask to activate".

Done.
