Adobe to patch leaked Hacking Team Flash 0day

Adobe is planning to release a patch today for a zero-day vulnerability in its Flash Player that is being exploited in the wild after hackers broke into spyware provider Hacking Team and published 400GB of its internal data online.

Hacking Team - one of the world's most notorious providers of offensive information technology to governments - had its internal systems breached by unknown attackers on Monday.

Most of the leaked information concerned the company's business practices - such as internal emails and clients - but also included its product source code and exploits for popular products.

At least three exploits were revealed, two of which affect Adobe's Flash Player, and one for the kernel in Microsoft Windows.

The leaked source code file described how to use a Flash exploit developed by Hacking Team to allow an attacker to bypass Google Chrome's security sandbox and execute code on a victim's computer.

Adobe's Flash player has been a frequent target for attackers thanks to the app's popularity with users, and Google has sought to safeguard the operating system by "sandboxing" it, or isolating the program from the rest of the operating system.

Late yesterday Adobe advised that it had identified a "critical vulnerability" - CVE-2015-5119 -  in Flash versions 19.8.0.194 and earlier for Windows, Mac and Linux. 

"Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system," Adobe warned

Infosec firm Trend Micro today said it appeared the zero-day was already being exploited in the wild.

"Based on our ongoing investigation, we believe that this zero-day vulnerability from this leak has been used in an attack we’ve been tracking recently," the firm advised.

"We will be providing additional information in another blog entry soon."

Adobe said it was aware of the reports that the vulnerability was being exploited and said it would update users today.

Also revealed in the Hacking Team data dump was a zero-day vulnerability in the Adobe font driver at kernel level of the Windows operating system.

Attackers can exploit the zero-day vulnerability - for which there currently is no patch - to elevate an attacker's privileges to administrator level.

The flaw affects 32-bit and 64-bit Windows XP to Windows 8.1, according to a Chinese infosec blog.