Two major security flaws in Adobe Flash and Windows found after Hacking Team leak

hacking team adobe flash windows security exploit cyber
On Monday we reported that Italian spyware firm Hacking Team had itself been hacked, and more than 400GB of internal files were leaked as a result. Considering the company’s reputation, it didn’t receive much sympathy, but now it seems that something good may come of the hack after all.

Two previous unknown and unpatched security vulnerabilities have been found among the leaked source code, The Register reports. These exploits were used by Hacking Team to compromise systems as part of its activities, so the company had an active interest in keeping these flaws under wraps.

The first and most critical vulnerability affects Adobe Flash, and is what Hacking Team called “the most beautiful Flash bug for the last four years.” This bug can be exploited on Windows, OS X, and Linux systems running Chrome, Firefox, Internet Explorer, Safari, and likely any browser based on any of the above, allowing an attacker to execute code on the victim’s system from a website.

The second issue is somewhat less severe as it requires another vulnerability (like the Flash bug above) to allow an attacker to use it, but it’s still serious. This exploit is found in an Adobe font driver bundled with Windows systems, and affects Windows XP through 8.1. The attacker loads a malicious OTF font file, which then allows the attacker to elevate their privileges within the system.

Adobe has released a security bulletin saying that it is aware of the vulnerability in Flash and is working on a patch. An update containing the fix is expected to be released sometime today.

There is currently no fix for the Windows vulnerability at this time either, but one is in the works. “We believe the overall risk for customers is limited, as this vulnerability could not, on its own, allow an adversary to take control of a machine,” a Microsoft spokesperson told the Register. “We encourage customers to apply the Adobe update and are working on a fix.”

In the meantime, more bugs and vulnerabilities may be hidden within the files leaked from Hacking Team, so keep an eye out for additional security bulletins.

Social Media

Tumblr promises it fixed a bug that left user data exposed

A bug on blogging site Tumblr left user data exposed. The company says that once it learned of the flaw, it acted quickly to fix it, adding that it's confident no data linked to its users' accounts was stolen.

Epic Games sues ‘Fortnite’ YouTuber creators over cheating software

Epic Games has filed a lawsuit against two YouTube users for their role in promoting cheating and hacking tools for Fortnite via a YouTube channel and personal website. As of now, the channel is still live.

Did your Windows 10 audio stop working after the update? Microsoft has a fix

Microsoft has released a small patch for its October 2018 Update build of Windows 10 following some users facing audio issues that resulted in no sound output at all. After this fix, that problem should disappear for good.

How to protect your iCloud account

From Chinese hacking to identity theft, it's not surprising if you're a little worried about your iCloud data. Here's how to protect your iCloud account with a few simple security steps. It will only take a few minutes, and we'll walk you…

Adobe Premiere Rush CC is the cloud-based video editing app you've been waiting for

On stage at Adobe MAX 2018, Adobe announced its cloud-centric, social video-editing application, Adobe Premiere Rush CC. We took some time to put it through its paces to see what it offers, how it works, and what's missing.
Social Media

YouTube is back after crashing for users around the world

It's rare to see YouTube suffer serious issues, but the site went down around the world for a period of time on October 16. It's back now, and we can confirm it's loading normally on desktop and mobile.

Adobe’s craziest new tools animate photos, convert recordings to music in a click

Adobe shared a glimpse behind the scenes at what's next and the Creative Cloud future is filled with crazy A.I.-powered tools, moving stills, and animation reacting to real-time tweets.

Winamp eyes big comeback in 2019 with podcast, streaming support

Classic audio player Winamp is getting a major overhaul in 2019 that's designed to bring it up-to-date and make it competitive with the likes of Apple Music, Amazon Music, Spotify, Audible, and more, all in one go.

Is the Pixelbook 2 still happening? Here's everything we know so far

What will the Pixelbook 2 be like? Has the Pixel Slate taken its place? Google hasn't announced it, but thanks to rumors and leaks, we think we have a pretty good idea of what the potential new flagship Chromebook will be like.

Adobe MAX 2018: What it is, why it matters, and what to expect

Each year, Adobe uses its Adobe MAX conference to show off its latest apps, technologies, and tools to help simplify and improve the workflow of creatives the world over. Here's what you should expect from this year's conference.

Problems with Microsoft’s Windows October 2018 Update aren’t over yet

Microsoft's Windows 10 October 2018 update is not having a great launch. More than two weeks after its debut and Microsoft is still putting out fires as new bugs are discovered and there's no sign of its re-release as of yet.

Chrome 70 is now available and won’t automatically log you in to the browser

Google has officially launched Chrome version 70 on Windows Mac and Linux. The update introduces some new Progressive Web App integrations on Windows 10 and also tweaks the much controversial auto login with Google Account feature.

Corsair’s latest SSD boasts extremely fast speeds at a more affordable price

Despite matching and besting the performance of competing solid-state drives from Samsung and WD, the Corsair Force Series MP510 comes in at a much more affordable price. Corsair boasts extremely fast read and write speeds.

New Windows 10 19H1 preview lets users remove more pre-installed Microsoft apps

With the release of the latest Windows 10 19H1 preview build on October 17, Microsoft is letting some consumers remove more of the pre-installed inbox app bloatware from their machines.