The hacking of the Hacking Team, a spyware company based in Italy, has exposed the security vulnerabilities in Microsoft Corporation (NASDAQ:MSFT) Windows and Adobe Systems Incorporated (NASDAQ:ADBE) Flash. The hacking has exposed 400 GB of data from Hacking Team online.
The leaked source code online has exposed the security vulnerabilities in the Adobe Flash Player that has been undetected for years together. The Italian Hacking Team has cleverly exploiting the vulnerabilities in the Adobe Flash through developing malicious code and inflicting the users’ computers.
The Hacking Team has not reported these vulnerabilities and cashing in on the security vulnerabilities. The most beautiful flash bug as the hackers termed is being exploited on machines that run the OS like Linux, Windows and OS X.
The hacker can execute the code through Internet browsers like Mozilla Foundation Firefox, Apple Inc. (NASDAQ:AAPL)’s Safari, Google Inc (NASDAQ:GOOGL) Chrome, and Microsoft Internet Explorer on the victim machine.
The security vulnerability in the ATMFD.dll of Adobe is exploited by the Hacking Team through creating a nefarious software code. An under buffer flow is created when the ATMFD.dll processes data due to an extension of the signed number.
The hacker creates a font’s buffer and sends the content and commands to the front side of the input buffer. It ultimately gives complete control over the user system and gain access to the sensitive information.
It is just an iceberg of the tricks and tools used by the Hacking Team. It has sold the malicious code to the governments like Singapore, UAE and Sudan. The security vulnerability is still present in the latest versions of Adobe.
In another incidence, the attacker opens calc.exe and allows download of the malicious file onto the victims’ computer and executes the code.
Adobe has responded to the news and is working seriously to release fix by the end of this week.
Another security flaw is noticed in Windows. The security patch is not available for the windows. It affects the windows starting from XP to 8.1.
It is time for the users to update the antivirus on their machines since the exposed code will be part of the cyber criminals’ suite to take advantage of the sensitive information.