Online users should take a new threat into consideration when utilizing both Oracle’s Java and Adobe Flash software frameworks as; last weekend, 3 previously unknown dangerous vulnerability that could be utilized to secretly install bug on end-user systems were exposed in Java and Flash.
Experts from Trend Micro cautioned in an article published on last Sunday, the weakness in Java is major because hackers are actively manipulating it in an attempt to attack members of NATO. Researchers from Trend Micro said that the hack involves a separate vulnerability in Windows named as CVE-2012-015, that vulnerability was addressed by Microsoft (bulleting MS12-027) in 2012. Suggested blog post stated that the Oracle experts are working on a repair.
Two new vulnerabilities in Flash were exhumed late in the previous week from the 400 GB hacked of the Italian spyware designer, The Hacking Team, that was compromised last week. Both of the vulnerabilities, named CVE-2015-5123 and CVE-2015-5122, are in the count to a previously unknown vulnerability in Flash discovered by the Hacking Team that was patched by Adobe on last Wednesday.
New vulnerabilities reside in the Linux, Mac OS X, and Windows editions of the updated versions of Flash and enable hackers to remotely execute malevolent code.
There is no sign that either of the latest founded bugs in Flash is being actively misused, however, the exposed Hacking Team content gives comprehensive technical information and contain evidence of hack code. That shows it won’t be difficult for more experienced attackers to easily fold the hacks into exploit kits, which are sold in black crime world online.
An advisory being issued by Adobe suggests that the vulnerabilities will be fixed within this week.
Security Gladiators recommends its readers to bound, plus if possible fully curtail using both Java and Flash, at least till the time patches for these 3 major vulnerabilities aren’t done.