Adobe Confirms Zero-Day Exploit Affects All Versions of Flash Player, Fix Coming Next Week
The latest Flash vulnerability was revealed this week, and it affects ALL version of the software — yes, even version 126.96.36.199, which was released on Tuesday. The exploit, which is labeled CVE-2015-7645, was masterminded by a group known as Pawn Storm. For now, the exploit hasn’t been directed at the general public, and has instead been used to target government agencies around the world in a wide-scale espionage scheme.
Adobe has now acknowledged the exploit and says that it affects versions of Flash Player running on Windows, Mac, and Linux platforms. The company also rates the exploit as “Critical,” which is the highest severity rating that it hands out for software vulnerabilities.
“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” said Adobe in a security bulletin. “Adobe is aware of a report that an exploit for this vulnerability is being used in limited, targeted attacks.”
Adobe says that it hopes to have a new version of the Adobe Flash Player available during the week October 19th that resolves this exploit. However, the wise advice would be to simply not wait for the patch at all and instead simply uninstall Adobe Flash Player altogether to save you the security headaches (and save your notebook’s battery while surfing the Internet).
And if you absolutely must use Adobe Flash Player, we recommend using a browser like Google Chrome that by default puts a muzzle on Flash content until absolutely needed.