Free Republic

TWO MORE Flash zero-days emerge in Hacking Team leak – crims (criminals) exploit holes
The Register | July 12, 2015 | Chris Williams

Posted on 07/12/2015 6:49:06 AM PDT by dayglored

Updated -- Two more serious security holes in Adobe Flash that let miscreants hijack vulnerable computers have emerged from the leaked Hacking Team files – and crooks are apparently already exploiting at least one of them to infect machines.

The use-after-free() programming flaws, for which no patches exist, are identified as CVE-2015-5122 and CVE-2015-5123. They are similar to the CVE-2015-5119 Flash bug patched last week. The 5122 and 5123 bugs let malicious Flash files execute code on victims' computers and install malware. The bugs are present in the Windows, Linux and OS X builds of the plugin.

The 5119, 5122 and 5123 vulnerabilities were documented in stolen copies of files leaked online from spyware maker Hacking Team. The Italian biz's surveillance-ware exploits the vulnerabilities to infect computers, and these monitoring tools are sold to countries including Saudi Arabia, Sudan, Russia and the US.

Everyone with Flash installed should remove or disable the software until the critical security bugs are patched, or at least enable "click to play" in their browsers so that you know exactly what you're running on your system rather than letting websites play malicious Flash files silently in the background without warning or permission.

Critical vulnerabilities (CVE-2015-5122, CVE-2015-5123) have been identified in Adobe Flash Player 18.0.0.204 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

(Excerpt) Read more at theregister.co.uk ...


TOPICS: Business/Economy; Computers/Internet; Hobbies
KEYWORDS: adobe; adobeflash; flash; windowspinglist; zeroday
This is serious. Disable Adobe Flash, or at least set your browser so that it asks you before running any Flash.
1 posted on 07/12/2015 6:49:06 AM PDT by dayglored

To: dayglored; Abby4116; afraidfortherepublic; aft_lizard; AF_Blue; Alas Babylon!; amigatec; ...
Adobe Flash does it again -- TURN IT OFF! ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

2 posted on 07/12/2015 6:50:04 AM PDT by dayglored (Meditate for twenty minutes every day, unless you are too busy, in which case meditate for an hour.)

To: dayglored

I won’t be back on the thread until very late tonight, but I’m sure all y’all can carry on without me. :-)


3 posted on 07/12/2015 6:52:37 AM PDT by dayglored (Meditate for twenty minutes every day, unless you are too busy, in which case meditate for an hour.)

To: dayglored

Bkmrk.


4 posted on 07/12/2015 6:55:03 AM PDT by RushIsMyTeddyBear (I'm fed up.)

To: dayglored

I have had a lot of trouble with Adobe products for years. Any suggestions on video players?


5 posted on 07/12/2015 7:01:37 AM PDT by mountainlion (Live well for those that did not make it back.)

To: mountainlion

VLC

http://www.videolan.org/


6 posted on 07/12/2015 7:16:08 AM PDT by Scrambler Bob (Using 4th keyboard due to wearing out the "/" and "s" on the previous 3)

To: mountainlion
HTML5
7 posted on 07/12/2015 7:19:49 AM PDT by martin_fierro (< |:)~)

To: Swordmaker

bump


8 posted on 07/12/2015 7:31:05 AM PDT by Pontiac (The welfare state must fail because it is contrary to human nature and diminishes the human spirit.)

To: dayglored

http://occupyflash.org


9 posted on 07/12/2015 7:31:56 AM PDT by smokingfrog ( sleep with one eye open (<o> ---)

To: dayglored

FlashBlock will do the job for you. “Click to Play” is not always reliable since some browsers like Firefox and Chrome will automatically reset the Flash settings when the product is reinstalled/updated.


10 posted on 07/12/2015 8:03:11 AM PDT by rarestia (It's time to water the Tree of Liberty.)

To: dayglored

Thanks for the ping.


11 posted on 07/12/2015 9:08:02 AM PDT by GOPJ (If it wasn't for massive immigration the Democrat party would have already gone extinct -FeeperReese)

To: dayglored; ShadowAce; abb

Have you seen this?

http://map.norsecorp.com/


12 posted on 07/12/2015 9:09:25 AM PDT by GOPJ (If it wasn't for massive immigration the Democrat party would have already gone extinct -FeeperReese)

To: Scrambler Bob

http://map.norsecorp.com/


13 posted on 07/12/2015 9:09:57 AM PDT by GOPJ (If it wasn't for massive immigration the Democrat party would have already gone extinct -FeeperReese)

To: dayglored; ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; ..
No FLASH, No pain. . . Adobe Flash does it again, twice. Two more zero-day vulnerabilities. Just say no to Flash and the problem goes away. — PING!


Adobe Flash mess

Ping!

If you want on or off the Mac Ping List, Freepmail me.

14 posted on 07/12/2015 11:14:33 AM PDT by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: Swordmaker

Okay, I’ve put Adobe Flash in the same sh**can as IE and some other forgettable stuff.

Only “bad” thing is that I’ve had to toss out a bunch of games that the g’kids snuck onto my computer and switch to iTunes for some of “my” podcasts (Rush, for example). Otherwise, I’ve downloaded that VLC plugin and would almost swear it improved the look and function of every program on my desktop that I’ve tested so far.

Now, I’m waiting for the announcement that some hacker’s mucking about with ‘Dobe Reader.

That will REALLY get some drawers in knots.


15 posted on 07/12/2015 2:04:28 PM PDT by Unrepentant VN Vet (God gives us rights; Governments take them away....if we let them.)

To: dayglored

This looks like government-level incompetence.


16 posted on 07/12/2015 6:33:45 PM PDT by TChad

To: Unrepentant VN Vet
Now, I’m waiting for the announcement that some hacker’s mucking about with ‘Dobe Reader.

There have been many such announcements over the years. Here are some numbers from 2014:

http://secunia.com/resources/vulnerability-review/update-top50/

99 security vulnerabilities in Adobe Flash, 43 in Adobe Reader.

17 posted on 07/12/2015 6:56:35 PM PDT by TChad
