Skip to main content

Two major security flaws in Adobe Flash and Windows found after Hacking Team leak

hacking team adobe flash windows security exploit cyber
Image used with permission by copyright holder
On Monday we reported that Italian spyware firm Hacking Team had itself been hacked, and more than 400GB of internal files were leaked as a result. Considering the company’s reputation, it didn’t receive much sympathy, but now it seems that something good may come of the hack after all.

Two previous unknown and unpatched security vulnerabilities have been found among the leaked source code, The Register reports. These exploits were used by Hacking Team to compromise systems as part of its activities, so the company had an active interest in keeping these flaws under wraps.

The first and most critical vulnerability affects Adobe Flash, and is what Hacking Team called “the most beautiful Flash bug for the last four years.” This bug can be exploited on Windows, OS X, and Linux systems running Chrome, Firefox, Internet Explorer, Safari, and likely any browser based on any of the above, allowing an attacker to execute code on the victim’s system from a website.

The second issue is somewhat less severe as it requires another vulnerability (like the Flash bug above) to allow an attacker to use it, but it’s still serious. This exploit is found in an Adobe font driver bundled with Windows systems, and affects Windows XP through 8.1. The attacker loads a malicious OTF font file, which then allows the attacker to elevate their privileges within the system.

Adobe has released a security bulletin saying that it is aware of the vulnerability in Flash and is working on a patch. An update containing the fix is expected to be released sometime today.

There is currently no fix for the Windows vulnerability at this time either, but one is in the works. “We believe the overall risk for customers is limited, as this vulnerability could not, on its own, allow an adversary to take control of a machine,” a Microsoft spokesperson told the Register. “We encourage customers to apply the Adobe update and are working on a fix.”

In the meantime, more bugs and vulnerabilities may be hidden within the files leaked from Hacking Team, so keep an eye out for additional security bulletins.

Kris Wouk
Former Digital Trends Contributor
Kris Wouk is a tech writer, gadget reviewer, blogger, and whatever it's called when someone makes videos for the web. In his…
Update your Windows PC now to fix this critical PrintNightmare security flaw
Person sitting and holding Dell XPS 13 laptop on their lap.

You might have heard the news about "PrintNightmare," a vulnerability in the Windows Print Spool service that could leave hackers in control of your PC under certain conditions. After raising concern about it, Microsoft has officially issued a patch that resolves the issue and the company urges all Windows users to install it as soon as possible.

Though unrelated, Microsoft is also aware of a separate issue raised on July 16 relating to the spooler service that is yet to be patched and is working on a separate fix, coming later. This involves local (physical) access to a PC and potentially allowing hackers to install programs and view, change, or delete data via the spooler service.

Read more
Adobe Photoshop now runs natively on Windows on ARM, catching up to Apple’s M1
A person using the Surface Pro X.

Photoshop is now fully compatible with Windows 10 PCs like the Surface Pro X that are powered by ARM-based architecture. Adobe announced the news on a support page, noting that as of May 2021, the software now runs natively on 64-bit Windows 10 ARM devices.

Now that Photoshop runs natively on Windows 10 on ARM devices, there should be some performance gains for these Windows users across the board. It no longer runs under emulation, which had severely limited the speed and efficiency of some process-intensive tasks.

Read more
RIP Adobe Flash. Here’s how to uninstall it
adobe flash logo

With the end of 2020 comes the end of the era for one of the web's most contentious browser plug-ins. Support for Adobe Flash officially ended on December 31, 2020, so that means it's time to uninstall Flash from your device.

Flash was pivotal in enabling video and audio playback in the early internet of the 2000s, as it allowed developers an easy way to embed videos or create games that could be played in a browser. But it was also heartily criticized along the way, both for being a resource hog and for having terrible security, with a series of security risks that needed regular patches.

Read more