Hacking Team’s Flash 0-day: Potent enough to infect actual Chrome user

The Adobe Flash zero-day exploit that spyware developer Hacking Team made available to customers worked successfully against even the advanced defenses found in Google’s Chrome browser, researchers said Friday. They also noted that it was used to infect computer users multiple times before it was leaked.

Google developers patched the underlying Flash vulnerability in Chrome on Tuesday (for proof, enter about:version in the address bar and note the Flash version), and Adobe published a general fix a day later.

The leak of the previously unknown exploit resulted from the devastating hack of Hacking Team last weekend, and exploit kits available on the black market quickly added attack code to use the flaw. It allows attackers to surreptitiously install malware on targets’ computers, and there’s evidence that before last weekend’s breach, Hacking Team customers used the Flash zero-day against live targets.


Ars Technica » Technology Lab