Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

KILL FLASH WITH FIRE until a patch comes: Hacking Team exploit is in the wild

It's out there - and you're wide open to it

So it's confirmed: the Adobe Flash vulnerability revealed in the Hacking Team hack is out in the wild being used, and there's no patch yet. Flash users beware!

Two sources, Malwarebytes and Malware Don't Need Coffee, have documented updates to the Neutrino exploit kit and Angler exploit kit, respectively. Both kits, which are installed on compromised websites by criminals to infect passing web surfers, now exploit the new Flash bug to execute malicious code on victims' computers.

Malwarebytes, which had already warned the exploit would be weaponised quickly, notes: “This is one of the fastest documented case of an immediate weaponisation in the wild, possibly thanks to the detailed instructions left by Hacking Team.”

The company shows the exploit working in Firefox:

Firefox exploit from Malwarebytes

Malwarebytes' demonstration of the Neutrino exploit kit in action

Don't Need Coffee corroborates, showing the Angler exploit kit “successfully exploiting IE11, win7 x64 Flash 18.0.0.194”.

Don't Need Coffe's Angler EK demo

Malware Don't Need Coffee - Angler exploit kit demonstration

The emergence of the live exploits came to this scribe's attention via @SwiftOnSecurity:

Adobe expects its fix to land on July 8. ®

 

Similar topics

TIP US OFF

Send us news


Other stories you might like