Adobe Patches Critical Hacking Team Zero-day Breach
FREMONT, CA: Adobe recently acknowledged existence of two new critical security flaws which have affected Flash Player, and has kept Adobe on its feet to protect their users from zero-day vulnerabilities.
Adobe, provider of the Flash Player software which is used to stream video content across the web usually has a monthly patch update to fix security flaws as and when they are discovered. But due to a cyber-attack on surveillance and spyware firm Hacking Team's servers, Adobe is now working to fix vulnerabilities which, until now, have not been made public.
Adobe issued a fix for a, zero-day vulnerability (CVE-2015-5119) which was undetected until the attack on Hacking Team's servers. The previously unknown vulnerabilities of the cyber-attack led to the theft of 400GB in corporate data, emails, financial reports and exploit source code that hackers published recently after rooting the servers of Hacking Team, the Italy-based company that sold spyware and exploits to governments around the world, reports Charlie Osborne for zdnet.com.
As previously reported, the Hacking Team itself was hacked by unknown individuals, who then published e-mails, sales invoices, and marketing material that appeared to contradict long-standing assurances from company executives that they operated ethically and didn't do business with repressive governments.
The two Flash vulnerabilities (CVE-2015-5122 and CVE-2015-5123) unearthed recently are in addition to a third one(CVE-2015-5119) which was found earlier in the Hacking Team dump, which Adobe patched, a few days after it was discovered. All three critical vulnerabilities were present in Flash versions for Windows, Mac OS X, and Linux. At least one of them was potent enough to pierce the vaunted Google Chrome security sandbox, most likely because it was combined with a separate privilege-escalation exploit for Windows, reports Dan Goodin for arstechnica.com.
By James Seevers, CIO & GM, Toyoda Gosei
By Bill Krivoshik, SVP & CIO, Time Warner Inc.
By Gregory Morrison, SVP & CIO, Cox Enterprises
By Alberto Ruocco, CIO, American Electric Power
By Bruce. D. Smith, SVP & CIO, Information Systems, Advocate...
By Adrian Mebane, VP-Global Ethics & Compliance, The Hershey...
By Graham Welch, Director-Cisco Security, Cisco
By Michael Watkins, Senior Product Director, Global Knowledge
By Bernd Schlotter, President of Services, Unify
By Patrick Hale, CIO, VITAS Healthcare
By Steve Bein, VP-GIS, Michael Baker International
By Jason Alan Snyder, CTO, Momentum Worldwide
By Mike Morris, CIO, Legends
By Louis Carr, Jr., CIO, Clark County
By Bill Dow, SVP and General Manager of Business Solutions,...
By Jim Whitehurst, CEO, Red Hat
By Darren Cockrel, CIO, Coyote Logistics, a UPS Company...
By Nathan Johnson, SVP and CIO, Werner Enterprises [NASDAQ:...
By David Tamayo, CIO, DCS Corporation
By Neil Hampshire, CIO, ModusLink Global Solutions, Inc....