Java and Flash vulnerabilities exploited by malware writers in zero-day attack

This is an extremely serious news; especially for Oracle’s Java and Adobe Flash developers. Reports confirm that these two programming languages are under zero-day attack. The reports also mention that Java bug is aggressively exploited; while Flash bugs are most likely to be targeted by the malware writers.  Out of these, Java flaws are considered to be the most important, because malware writers are aiming to infect the members of NATO through the zero-day attack on Java.

Zero-day attak

Vulnerabilities and Zero-day attack

The report of zero-day attack on Java and Flash came from the security firm, Trend Micro. Trend Micro’s researchers mentioned in a blog post that the attacks are severe. Certain Java vulnerabilities are being exploited during this attack. The reports also mention that a Windows bug (Indexed as CVE-2012-015) is also a part of this zero-day attack. Microsoft had already addressed this bug in 2012 and released it in the bulletin MS12-027.

On the other hand, there are two Adobe Flash vulnerabilities that may be targeted by the malware writers in the zero-day attack. The flaws were found when 400-gigabyte dump was taken from the Hacking Team that was breached a week back. The Hacking Team is an Italian spyware developer. These two vulnerabilities are indexed as CVE-2015-5122 and CVE-2015-5123. The two bugs were found by the Hacking Team and were patched by Adobe on Wednesday. However, the designated vulnerabilities lie in Linux, Mac OS X and Windows versions. With zero-day attack the attackers can remotely execute the code, hence making it difficult to track and stop.

Reports from Trend Micro does not specifically say that Adobe Flash flaws are being actively targeted in the zero-day attack. However, both Adobe and Oracle developers are working on to fix these bugs which are the root cause of the zero-day attack. Until then, users are advised not to use Flash and Java for safety purpose.

Read more about report on Trend Micro.

Download this VPN to secure all your Windows devices and browse anonymously
Posted by with Tags
Ankit Gupta is a writer by profession and has more than 7 years of global writing experience on technology and other areas. He follows technological developments and likes to write about Windows & IT security. He has a deep liking for wild life and has written a book on Top Tiger Parks of India.


  1. Dan

    This explains why Comodo CIS has been sandboxing Adobe Flash and JRE lately (including forbidding connection to their updaters to internet, on a box with Privatefirewall); apps still work but 100% virtually. Thanks for this info!

  2. disqus

    It is about time for every end user to say godbye to flash and java and uninstall both of them from their machines.

Leave a Reply

Your email address will not be published. Required fields are marked *

4 + 3 =