Flash, Bang, Boom – A new critical bug.
Adobe is the latest big software name to be affected by the work of the Hacking Team – an Italian outfit that specialises in selling surveillance software and exploits to the highest bidder, normally governments and corporations. The controversial firm also offers zero-day vulnerabilities for sale, which can be used to infect targets with the firm’s software.
A beautiful Flash bug?
A bug used by the Hacking Team appeared in a data dump at the start of last month – the flaw (CVE-2015-5119) affected the Adobe Flash Player 22.214.171.124 for Windows, Mac and Linux (as well as earlier versions) and could have the dual consequence of causing a crash and also allowing the affected system to be taken over by a cyber attacker. Keen to retain their controversial reputation, the Hacking Team described the bug as “the most beautiful Flash bug for the last four years.”
Adobe is ripe for exploitation
The data dump in which the bug was revealed took place on a Sunday and by the following Wednesday Adobe had issued a patch. As far as the company has revealed, there don’t seem to have been any particularly serious consequences for Adobe with this particular bug. However, the issue demonstrates that the software giant has now become ripe for exploitation across both consumer and commercial IT systems. It also reveals the way a new economy is being established around the science of custom exploits, which the Hacking Team has made its business. Corporations, governments and law enforcement agencies are clearly willing to spend big on these services, which raises some serious issues for privacy, particularly as organisations like the Hacking Team have no problems selling to both sides of the cyber crime war.
For all businesses, large or small, security has become a major issue, particularly in the face of businesses exploiting bugs for profit. Infrastructure and security management have become key for all organisations looking to protect their systems.