Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Adobe releases Flash player 18.0.0.203 - addresses Flash vulnerability revealed in Hacking Team compromise SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe releases Flash player 18.0.0.203 - addresses Flash vulnerability revealed in Hacking Team compromise
We've had a few people contact the ISC handlers to let us know about the most recent zero-day Flash player vulnerability associated with the Hacking Team compromise.

We've been keeping our eye on this. The exploit was implemented yesterday in exploit kits (EKs) as documented in the following blogs:

malware.dontneedcoffee.com/2015/07/…
blog.malwarebytes.org/exploits-2/2015/07/neutrino-ek-leverages-latest-flash-0day/

Adobe released the flash player update early this morning, so as long as people make sure their Flash player is up-to-date with version 18.0.0.203, they should be fine (at least as far as any EKs that use exploits targeting CVE-2015-5119).

Thanks everyone for keeping an eye on this!
Brad

381 Posts
ISC Handler
Can you please conduct an analysis and recommend for best actions for the recent Adobe issues - CVE-2015-5119,5122,5123? Anonymous

-

Sign Up for Free or Log In to start participating in the conversation!