Hacking Team documentation accompanying the Flash exploit said it targeted “the most beautiful Flash bug for the last four years,” according to a blog post published Wednesday by researchers from antivirus provider Trend Micro.
The use-after-free flaw resides in a Flash Bytearray object. Researchers at competing AV company Symantec have confirmed the existence of a Flash exploit that works against the latest version of Flash (18.0..194). They also have confirmed it works against people viewing content with Internet Explorer, and it’s presumed it will work against other browsers as well.
“Symantec has confirmed the existence of a new zero-day vulnerability in Adobe Flash which could allow attackers to remotely execute code on a targeted computer,” they wrote in a blog post published Tuesday. “Since details of the vulnerability are now publicly available, it is likely attackers will move quickly to exploit it before a patch is issued.”
The exploits can be used to surreptitiously install Hacking Team surveillance software, or other types of malware, on vulnerable computers with little or no indication anything is amiss.