In addition to definitively exposing Hacking Team as a spyware-shilling operation, a recent dump of Hacking Team emails also revealed a slew of zero-day exploits in Flash, Internet Explorer, and Java. If you’re still using those programs, you should probably download today’s patches.
Adobe released a new version of Flash, 18.104.22.168, which fixes a bug Hacking Team described as “the most beautiful Flash bug for the last four years”. There’s also new versions of Acrobat, PDF Reader, and Shockwave player.
Oracle also pushed out Java 8 Update 51, which fixes 25 security vulnerabilities, including one known to be actively used in attacks. Microsoft, for its part, issued patches for Internet Explorer and Office, among others.
If you’re still using Flash, Java or IE — and it’s worth a long, hard look into your computing soul if you are — you probably want to go on a little patching mission, or just throw your devices into the nearest river for safe measure. [Krebs on Security]