It’s been a rocky couple of months for Adobe Flash and it looks like the sea isn’t settling anytime soon. Less than a day after Adobe released its monthly security patches for its various software, including Flash Player, the company confirmed a major security vulnerability that affects all versions of Flash for Windows, Mac and Linux computers. Yikes.
In a blog post, Adobe stated that “a critical vulnerability (CVE-2015-7645) has been identified in Adobe Flash Player 19.0.0.207 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.” However, Adobe goes on to say that the attacks are targeted and limited in scope, so chances are you won’t be attacked. But having the front door open while a murderer is on the loose isn’t the most comforting of feelings.
A-plus effort to Adobe, however: the company went on to state that it “hopes” to make an update available sometime during the week to address the critical security hole. It’s also not clear whether all versions of Flash Player will be patched across all platforms.
Credit goes to the security researchers at Trend Micro, who discovered the exploit and wrote about it in a blog post. “Trend Micro researchers have discovered that the attackers behind Pawn Storm are using a new Adobe Flash zero-day exploit in their latest campaign,” Trend Micro wrote. “Pawn Storm is a long-running cyber-espionage campaign known for its high-profile targets and usage of the first Java zero-day we’ve seen in the last couple of years.”
Until Adobe releases a patch (which may or may not cover previous versions of Flash), the only safeguard against these exploits is to uninstall Adobe Flash from your system completely.
Source: Adobe, Trend Micro
