
Two major security flaws in Adobe Flash and Windows found after Hacking Team leak


On Monday we reported that Italian spyware firm Hacking Team had itself been hacked, and more than 400GB of internal files were leaked as a result. Considering the company’s reputation, it didn’t receive much sympathy, but now it seems that something good may come of the hack after all.

Two previously unknown and unpatched security vulnerabilities have been found among the leaked source code, The Register reports. These exploits were used by Hacking Team to compromise systems as part of its activities, so the company had an active interest in keeping these flaws under wraps.


The first and most critical vulnerability affects Adobe Flash, and is what Hacking Team called “the most beautiful Flash bug for the last four years.” This bug can be exploited on Windows, OS X, and Linux systems running Chrome, Firefox, Internet Explorer, Safari, and likely any browser based on any of the above, allowing an attacker to execute code on the victim’s system from a website.

The second issue is somewhat less severe, as an attacker needs another vulnerability (like the Flash bug above) in order to use it, but it's still serious. The flaw is in an Adobe font driver bundled with Windows systems, and affects Windows XP through 8.1. The attacker loads a malicious OTF font file, which then allows the attacker to elevate their privileges within the system.

Adobe has released a security bulletin saying that it is aware of the vulnerability in Flash and is working on a patch. An update containing the fix is expected to be released sometime today.

There is currently no fix for the Windows vulnerability either, but one is in the works. “We believe the overall risk for customers is limited, as this vulnerability could not, on its own, allow an adversary to take control of a machine,” a Microsoft spokesperson told The Register. “We encourage customers to apply the Adobe update and are working on a fix.”

In the meantime, more bugs and vulnerabilities may be hidden within the files leaked from Hacking Team, so keep an eye out for additional security bulletins.

Kris Wouk
Former Contributor