Many companies have best practices, and the Hacking Team, the “computer security experts” who sold hacking tools to various federal and state agencies around the world, are no exception. Their database of information includes a number of interesting hacking tips, including mention of a 0-day, unpatched hole in Adobe Flash that the company is currently closing.
Security researcher Brian Krebs found the document in the trove of data leaked by hackers a few days ago. The proof-of-concept attack described by the Hacking Team can open the Calculator in Windows and OS X, and a more dangerous version was also available in the team documentation.
Adobe posted Security Bulletin CVE-2015-5119 today stating that they are working on closing the hole.
“Users do not need to be overly concerned about this vulnerability at this time, as an active attack has not yet been spotted in the wild. We will update this post with more information and advice if it becomes necessary at a later time,” security provider Trend Micro wrote. However, it is not clear whether or not the Hacking Team have discovered a new way to use this exploit.
One thing is clear, however: you should probably just disable Flash. “There is no question that Adobe Flash Player is a major target of attackers. This Wednesday will mark the seventh time in as many months that Adobe has issued an emergency update to fix a zero-day flaw in Flash Player,” wrote Krebs.