Endpoint Protection

Symantec is aware of a second vulnerability (CVE-2015-5122) in Adobe Flash Player that’s associated with Hacking Team, the Italian company which recently suffered a major data breach. The existence of the unpatched vulnerability has been confirmed by Adobe in its security bulletin.

Symantec’s analysis has confirmed that the vulnerability can be successfully exploited with the leaked proof-of-concept (PoC) code on the most recent version of Adobe Flash Player (18.0.0.203) in Internet Explorer. A successful exploitation could cause a crash and potentially allow an attacker to compromise the affected computer. 

Though it may be possible that this vulnerability has previously been exploited in the wild in limited attacks, because the details of the vulnerability are now publicly available, attackers will likely incorporate the exploit into the exploit kits in the coming days. The exploit for the previous Flash Player bug, known as the Adobe Flash Player ActionScript 3 ByteArray Use After Free Remote Memory Corruption Vulnerability (CVE-2015-5119), only took about one day to be included in exploit kits.

Mitigation
Users who are concerned about this issue can temporarily disable Adobe Flash Player in their browser by taking the following steps:

Internet Explorer versions 10 and 11

1. Open Internet Explorer
2. Click on the “Tools” menu, and then click “Manage add-ons”
3. Under “Show”, select “All add-ons”
4. Select “Shockwave Flash Object” and then click on the “Disable” button

You can re-enable Adobe Flash Player by repeating the same process, selecting “Shockwave Flash Object”, and then clicking on the “Enable” button.

Guidance for users of earlier versions of Internet Explorer is available on the Microsoft website. Select the version of Internet Explorer you are using at the top right corner.

Firefox

1. Open Firefox
2. Open the browser menu and click “Add-ons”
3. Select the “Plugins” tab
4. Select “Shockwave Flash” and click “Disable”

You can re-enable Adobe Flash Player by repeating the same process, selecting “Shockwave Flash”, and then clicking on the “Enable” button.

Chrome

1. Type “chrome:plugins” in the address bar to open the page
2. On the Plugins page that appears, find the "Flash" listing
3. To disable Adobe Flash Player completely, click the "Disable" link under its name
4. To enable Adobe Flash Player, click the "Enable" link under its name

Protection
Symantec and Norton products detect the proof-of-concept exploit with the following detections:

Antivirus:

• Hacktool

Intrusion prevention system:

• Web Attack: Malicious SWF Download 30

Update – July 14, 2015:
Adobe has released security updates for Adobe Flash Player for Windows, Mac OS X, and Linux to address this critical Adobe Flash Player Use After Free Remote Memory Corruption Vulnerability (CVE-2015-5122), as well as a third vulnerability related to the Hacking Team breach, the Adobe Flash Player ActionScript 3 BitmapData Use After Free Remote Memory Corruption Vulnerability (CVE-2015-5123). Adobe added it is aware of reports that exploits targeting these vulnerabilities have been published publicly.