Two major security flaws in Adobe Flash and Windows found after Hacking Team leak

On Monday we reported that Italian spyware firm Hacking Team had itself been hacked, and more than 400GB of internal files were leaked as a result. Considering the company’s reputation, it didn’t receive much sympathy, but now it seems that something good may come of the hack after all.

Two previously unknown and unpatched security vulnerabilities have been found among the leaked source code, The Register reports. Hacking Team used exploits for these flaws to compromise systems as part of its activities, so the company had an active interest in keeping them under wraps.

The first and most critical vulnerability affects Adobe Flash, and is what Hacking Team called “the most beautiful Flash bug for the last four years.” This bug can be exploited on Windows, OS X, and Linux systems running Chrome, Firefox, Internet Explorer, Safari, and likely any browser based on any of the above, allowing an attacker to execute code on the victim’s system from a website.

The second issue is somewhat less severe, as an attacker needs another vulnerability (like the Flash bug above) in order to use it, but it’s still serious. The flaw is in an Adobe font driver bundled with Windows systems, and affects Windows XP through 8.1. The attacker loads a malicious OTF font file, which then allows the attacker to elevate their privileges within the system.

Adobe has released a security bulletin saying that it is aware of the vulnerability in Flash and is working on a patch. An update containing the fix is expected to be released sometime today.

There is no fix for the Windows vulnerability yet either, but one is in the works. “We believe the overall risk for customers is limited, as this vulnerability could not, on its own, allow an adversary to take control of a machine,” a Microsoft spokesperson told The Register. “We encourage customers to apply the Adobe update and are working on a fix.”

In the meantime, more bugs and vulnerabilities may be hidden within the files leaked from Hacking Team, so keep an eye out for additional security bulletins.

Kris Wouk
Former Digital Trends Contributor