
Leak from hacked company reveals serious vulnerability in Flash

Updated: Confidential source code stolen from Hacking Team, and subsequently leaked online, has revealed new and extremely serious software vulnerabilities that the spyware maker exploits to infect victims’ computers.

The security holes are used to inject malicious code into PCs; that code installs surveillance tools to monitor the user’s every move and remote control their machines over the internet.

Hacking Team, which is based in Italy, appears to count the governments of Saudi Arabia, Oman, Sudan, Egypt, Lebanon, Russia, the US, and others, plus various private organizations, among its past and present customers.

Adobe Flash

From what we’ve seen so far, inside the leaked source code lies an Adobe Flash exploit for which no patch exists: it can be used against Internet Explorer, Firefox, Chrome and Safari, and affects Flash Player 9 to the latest version, 18.0.0.194.

A proof-of-concept exploit uses the flaw to open calc.exe on Windows, proving a malicious Flash file downloaded from the internet can execute arbitrary code on a victim’s computer. Hacking Team describes it as “the most beautiful Flash bug for the last four years” in its internal documentation.

Adobe told us in a statement today that it is working on a patch, which it hopes to release by the end of the week. The vulnerability is present in its plugin software for Windows, OS X and Linux:

A critical vulnerability (CVE-2015-5119) has been identified in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit targeting this vulnerability has been published publicly. Adobe expects to make updates available on July 8.

According to Trend Micro, the Flash vulnerability is a classic use-after-free() programming cockup that allows the attacker to read and write arbitrary bytes in memory. This allows the malicious Flash file to build a chain of instructions that tells the Windows kernel to mark a chunk of injected code as executable – which is then called and can do whatever it likes.

A technical breakdown of the vulnerability can be found here, written by a Chinese infosec researcher.

The bad news is that with the source code leaked, details of the Flash bug are now in the wild for crims to exploit against netizens.

“Without a doubt cyber criminals have already got their hands on it and will integrate it in their exploit kits soon,” warns Jérôme Segura of MalwareBytes.

Hacking Team uses another Flash vulnerability, CVE-2015-0349, but Adobe has patched that: this is why it’s always a good idea to update your software as soon as you can so you’re not caught out by old-day exploits.

Windows kernel

Meanwhile, another zero-day has been found in the Hacking Team source code: this one is a vulnerability in atmfd.dll, the Adobe font driver in the kernel level of the Windows operating system. This library is bundled with Windows so that it can render fonts on screen. The vulnerability is not the same as the MS15-021 flaw that Microsoft patched in March.

The hole, for which no patch exists, affects 32-bit and 64-bit Windows XP to Windows 8.1, according to a detailed analysis published in China. A brief explanation in English can be found here.

This vulnerability can be used to elevate an attacker’s privileges to administrator level, allowing more damage or surveillance to be carried out. It can be chained with the aforementioned Flash zero-day to first execute code as a user and then gain more powers to fully hijack the system.

We’re told the vulnerability is exploited by loading a malicious OTF font file, and then calling a poorly coded software interface in atmfd.dll to read and write to kernel memory. This allows high-level security tokens to be copied to the running process, elevating its privileges – this also sidesteps protection mechanisms (such as SMEP) that try to prevent malicious code execution. Google Chrome’s sandbox feature defeats this attack, we’re told.

Again, with this exploit in the wild now, crooks can wield it against normal netizens to seize control of their PCs. Microsoft was not available for immediate comment.

Analysis of the Hacking Team leak is still ongoing: so far, apart from these two zero-day holes, the rest of the company’s leaked exploit cache appears to be arguably unimpressive. Keeping your software up to date and installed from official sources, and devices physically away from attackers, should be enough to protect against an infection of Hacking Team’s spyware. ®
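As an added example (not part of the article), here is a small Python triage script that flags inventory hosts exposed to the two bugs described above, using only the affected ranges the article and Adobe give: Flash Player 9 through 18.0.0.194 for CVE-2015-5119, and Windows XP through 8.1 for the atmfd.dll kernel flaw. The inventory format, host names and version strings are constructed.

```python
"""Inventory triage against the two Hacking Team zero-days (added example, constructed data)."""
import re

FLASH_FIRST_AFFECTED = (9, 0, 0, 0)        # "Flash Player 9 to ..."
FLASH_LAST_AFFECTED = (18, 0, 0, 194)      # CVE-2015-5119: 18.0.0.194 and earlier
# "32-bit and 64-bit Windows XP to Windows 8.1" for the atmfd.dll kernel bug.
ATMFD_AFFECTED_WINDOWS = {"windows xp", "windows vista", "windows 7", "windows 8", "windows 8.1"}

def parse_flash_version(text):
    """Accept '18.0.0.194', '18,0,0,194' or the plugin's 'WIN 18,0,0,194' form."""
    m = re.search(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)", text)
    if not m:
        return None                         # no Flash installed or unparseable
    return tuple(int(x) for x in m.groups())

def flash_exposed(version_text):
    """True when the build falls inside the CVE-2015-5119 affected range."""
    v = parse_flash_version(version_text)
    return v is not None and FLASH_FIRST_AFFECTED <= v <= FLASH_LAST_AFFECTED

def windows_exposed(os_name):
    """True for the Windows releases named as affected by the atmfd.dll bug."""
    return os_name.strip().lower() in ATMFD_AFFECTED_WINDOWS

def triage(inventory_text):
    """Map host -> findings; 'CHAIN' marks hosts where Flash RCE and kernel EoP combine."""
    findings = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, os_name, flash = (f.strip() for f in line.split(";", 2))
        hits = []
        if flash_exposed(flash):
            hits.append("CVE-2015-5119")
        if windows_exposed(os_name):
            hits.append("ATMFD")
        if len(hits) == 2:
            hits.append("CHAIN")
        findings[host] = hits
    return findings

# Constructed sample inventory: host;os;flash (18.0.0.999 is a made-up post-fix build).
SAMPLE_INVENTORY = """\
ws-01;Windows 7;WIN 18,0,0,194
ws-02;Windows 8.1;18.0.0.160
ws-03;Windows 8.1;18.0.0.999
lnx-01;Ubuntu 14.04;18.0.0.194
srv-01;Windows Server 2012;none
"""
```

Hosts tagged CHAIN are the ones where a malicious Flash file could run code as the user and then use the kernel bug to take the whole machine, so they deserve the first patching pass.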

Updated to add

Microsoft has been in touch to say it is working on a fix for the kernel-level Windows vulnerability.

“We believe the overall risk for customers is limited, as this vulnerability could not, on its own, allow an adversary to take control of a machine,” a Redmond spokesman told us. “We encourage customers to apply the Adobe update and are working on a fix.”
