Flash! Secret Security Hole Revealed by Source Code Theft

IMPORTANT NOTE: Penad software does not use Adobe Flash Player and is not susceptible to the security problem described below. However, if your computer uses Flash, it IS susceptible. In such a case, a hacker can take control of your computer. If Penad software is running on that computer, then the hacker may be able to access Penad software and data. Because Adobe has NOT yet (as of this article) released a security patch for this newly discovered problem, we recommend that you disable Adobe Flash Player to ensure you are not vulnerable to attack.

News Flash: Adobe Flash Player is NOT SAFE FOR WORK!

A few days ago, a hacker broke into the files of an Italian computer “security firm” and released their internal company emails and the company source code onto the Internet. The targeted company, Hacking Team, has made a business of finding security holes in computing operating systems and exploiting them on behalf of their clients.

Their value proposition is that they will help clients break into and take control of the computers of their targets. Hacking Team clients include the governments of Russia, Saudi Arabia, Oman, Sudan, Egypt, and the USA.

An analysis of Hacking Team’s source code and email communications has revealed that Hacking Team had identified a previously unknown security hole in Adobe Flash Player. This security hole HAS NOT BEEN FIXED BY ADOBE AS OF THIS WRITING.

Using this security hole, a hacker is able to take control of a target computer running Adobe Flash Player. Hacking Team described this security hole as “the most beautiful Flash bug for the last four years”. Computers running Windows, OS X and Linux are all vulnerable.

Now that Hacking Team’s approach has been released to the Internet, EVERY HACKER ON EARTH is now able to exploit this security hole. Because Adobe has not yet released a fix, your computer is vulnerable if it is running Adobe Flash Player. We therefore recommend that you disable Flash immediately.

Adobe has issued the following statement:
A critical vulnerability (CVE-2015-5119) has been identified in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit targeting this vulnerability has been published publicly. Adobe expects to make updates available on July 8.