An Adobe Flash zero-day exploit is now running wild across compromised websites on the internet, infecting the PCs and smartphones of those unlucky enough to visit such a site.
The zero day, which was included in the 400GB Hacking Team file released by hackers earlier this week, is being packaged up and sold to anyone willing to pay. Some reports say as much as $15,000 is being spent to acquire Angler and Neutrino, the exploit kits that have taken on this zero-day Flash vulnerability.
Adobe is aware of the issue, and we are expecting a patch to be pushed out later today. Adobe warns that an infection may allow remote control of your system or cause the infected system to crash.
The Computer Emergency Response Team (CERT) has given this a 7.5/10 vulnerability rating, which is moderate to severe. It has advised users to disable Flash or enable Click-to-Play in their browsers, so that the exploit cannot run without user interaction.
So far, this is the only known zero day located within the trove of information leaked in the torrent file, and it took cyber criminals only hours to find it and begin packaging the exploit for profit.
Hacking Team developed this zero day and were apparently quite proud of it too: a readme file for the bug said “Congrats! You are reading about the most beautiful Flash bug for the last four years.”
Most vendors who hunt for or develop such things usually report these bugs to the vendor in question, but Hacking Team doesn’t do this, again raising more questions about the ethical practices of Hacking Team. Though all data leaks are bad, with a name like “Hacking Team” and questionable business ethics, one could only assume that what we are seeing here was only a matter of time.