Adobe fixes two Flash zero-day flaws found in Hacking Team cache

The update comes just hours after Firefox blocked the browser plugin after the flaw was being exploited in the wild.
Written by Zack Whittaker, Contributor

Adobe has patched two zero-day vulnerabilities in Flash Player, which were released last week as part of the Hacking Team data breach.

In a brief security notice, the company confirmed Tuesday that it had patched the two critical-rated flaws, which could allow an attacker to take control of an affected computer.

The Flash flaw affects Windows, Macs, and Linux machines.

The two previously-undisclosed flaws were discovered in a trove of data, more than 400GB in size, after hackers attacked the Milan, Italy-based Hacking Team, a provider of exploits and surveillance programs to law enforcement agencies.

The exploits were found and released, along with gigabytes worth of stolen emails and documents from the company's servers.

Because the exploit code was released, it could be used by hackers to target individuals. Adobe also confirmed it was "aware of reports that exploits targeting these vulnerabilities have been published publicly."

It's been a busy few days, not just for Adobe, but for other companies affected by the vulnerabilities.

Earlier on Tuesday, Firefox browser maker Mozilla said it would block the Flash plugin until the flaw was fixed.

Meanwhile, angered by the release of the flaw, Facebook chief security officer Alex Stamos called for the plugin to be put out to pasture. In a series of tweets over the weekend, he called for a date to be set to sunset the browser plugin, following a series of high-profile hacks involving Flash software.

Adobe, which promised Monday to fix the flaw, said that the latest update of the popular browser plugin, version for both Windows and Macs, will prevent attacks.

The company recommended that users update immediately. Internet Explorer 10 and 11 users, along with Chrome users, will receive the update automatically.

Editorial standards