Adobe Patches Critical Hacking Team Zero-day Breach
FREMONT, CA: Adobe recently acknowledged existence of two new critical security flaws which have affected Flash Player, and has kept Adobe on its feet to protect their users from zero-day vulnerabilities.
Adobe, provider of the Flash Player software which is used to stream video content across the web usually has a monthly patch update to fix security flaws as and when they are discovered. But due to a cyber-attack on surveillance and spyware firm Hacking Team's servers, Adobe is now working to fix vulnerabilities which, until now, have not been made public.
Adobe issued a fix for a, zero-day vulnerability (CVE-2015-5119) which was undetected until the attack on Hacking Team's servers. The previously unknown vulnerabilities of the cyber-attack led to the theft of 400GB in corporate data, emails, financial reports and exploit source code that hackers published recently after rooting the servers of Hacking Team, the Italy-based company that sold spyware and exploits to governments around the world, reports Charlie Osborne for zdnet.com.
As previously reported, the Hacking Team itself was hacked by unknown individuals, who then published e-mails, sales invoices, and marketing material that appeared to contradict long-standing assurances from company executives that they operated ethically and didn't do business with repressive governments.
The two Flash vulnerabilities (CVE-2015-5122 and CVE-2015-5123) unearthed recently are in addition to a third one(CVE-2015-5119) which was found earlier in the Hacking Team dump, which Adobe patched, a few days after it was discovered. All three critical vulnerabilities were present in Flash versions for Windows, Mac OS X, and Linux. At least one of them was potent enough to pierce the vaunted Google Chrome security sandbox, most likely because it was combined with a separate privilege-escalation exploit for Windows, reports Dan Goodin for arstechnica.com.
By Dr. John Bates, CTO, Intelligent Business Operations &...
By Denise Zabawski, CIO, Nationwide Childrens Hospital
By Cynthia Weaver, A.V.P of IT, Walbridge
By Kris Lappala, CIO, Kiewit
By Sherry Aaholm, VP & CIO, Cummins [NYSE:CMI]
By Leo Casusol, CIO, Liquidity Services
By Joe Fuller, VP/CIO, Dominion Enterprises
By Dennis Fiszer, CCO, HUB International
By David Butler, Sr. Director, Digital Customer Experience,...
By Mark Jacobsohn, SVP, Booz Allen Hamilton
By Miguel Gamino, CIO & Executive Director-Department of...
By Jonathan Reichental, CIO, City of Palo Alto
By Pam Puetz, VP & HR Services, First American Financial...
By Aref Matin, CTO, Ascend Learning
By Jim Sills, CIO/Cabinet Secretary, State of Delaware
By Jesse Laver, Vice President Global Sector Development,...
By Andy Newsom, CIO, CSL Behring
By Jason Cook, CISO, BT Americas [NYSE:BT]
By Jim Grubb, VP Marketing & Chief Demonstration Officer, Cisco
By Don Lindsey, VP and CIO, Tallahassee Memorial HealthCare