Skip to main content
  1. Home
  2. Computing
  3. News

Trend Micro does a deep dive into Hacking Team’s Open Type Font exploit

By

hacking team helped malware hackingteam
Image used with permission by copyright holder
The Italy-based, malware-making digital security company Hacking Team recently had to wipe a lot of egg from its face when its website was vandalized; its Twitter account hijacked; and hundreds of gigabytes of source code, emails, and internal documents made public following a hack of its servers. Part of what came out of the data dump was that it had been providing malware to many different governments around the world, some of which are criticized for their oppressive regimes and human rights abuses.

One of the pieces of nefarious software which Hacking Team created used an exploit in the open font type manager module — ATMFD.dll — provided by Adobe. As Trend Micro explains in its blog post, the reason this could be exploited is because, while the module is processing font data, there’s a buffer underflow, because of a signed number extending.

Recommended Videos

Since the font’s buffer can be prepared by an attacker, this allows it to send commands and content to the front of the input buffer, which ultimately gives them a foot in the door of the system they’re going after.

Related

This is just one of many different exploits which Hacking Team took advantage of in the creation of its various tools and tricks, which it sold to governments such as Sudan, United Arab Emirates, and Singapore. Another popular one used a vulnerability in Adobe’s Flash Player version 9 or later and works on almost every browser, including Internet Explorer, Chrome, Firefox and Safari.

The bug has apparently been there for years and hasn’t been patched, since it’s still present in the latest version of Flash. However, we can rest easy to some extent, as this sort of attack hasn’t been tracked in the wild apart from one specific instance in the recent past.

Trend Micro was also keen to point out in its breakdown of these threats that its software should provide protection against them … though you would expect it to say that.

Editors’ Recommendations

Topics
Jon Martindale
Jon Martindale
Former Digital Trends Contributor
Jon Martindale is a freelance evergreen writer and occasional section coordinator, covering how to guides, best-of lists, and…
This Lenovo ThinkPad is almost $1,800 off today!
A press photo of the ThinkPad X1 Carbon Gen 11.

One of the best laptops for a busy computer-heavy workplace is the Lenovo ThinkPad. For years, this tried and true laptop and 2-in-1 has delivered a fast and reliable Windows experience to many a 9 to 5 go-getter. Processor speed and power evolve year over year, and new features are added to these laptops all the time. This also means you’ll be able to find discounts on older machines, which is precisely what we came across while scouring through Lenovo ThinkPad deals:

Right now, as part of Lenovo’s doorbuster sale, you’ll save $1,800 on the purchase of a brand-new Lenovo ThinkPad X1 Carbon Gen 11 when you order through Lenovo.

Read more
Runway brings precise camera controls to AI videos
Gen-3 alpha advanced camera controls

Content creators will have more control over the look and feel of their AI-generated videos thanks to a new feature set coming to Runway's Gen-3 Alpha model.

Advanced Camera Control is rolling out on Gen-3 Alpha Turbo starting today, the company announced via a post on X (formerly Twitter).

Read more
Score the Dell XPS 15 for less than $1,000 during this sale
Dell XPS 15 9520 front view showing display and keyboard deck.

If you’ve been looking for laptop deals but feel disappointed with the results of your research, we know the pain. Searching for a new PC can take months, especially if you’ve got the time and energy to vet through numerous brands and models. Fortunately, there are a few tried and true PC names, one of which happens to be Dell. We see Dell laptop deals pretty regularly, but this one stopped us in our tracks:

Right now, when you order the Dell XPS 15 Laptop through the manufacturer, you’ll save $300. At full price, this model sells for $1,300.

Read more