Adobe Confirms Zero-Day Exploit Affects All Versions of Flash Player, Fix Coming Next Week

At this point, we are no longer surprised that Adobe Flash is being used as an easy vector to exploit computers and entire network. Back in the day, late Apple CEO Steve Jobs trashed Adobe Flash, calling it buggy, full of security holes and detrimental to the battery life of mobile devices. Five years later, Flash is still with us and it is still wreaking havoc on all three of those fronts. 

The latest Flash vulnerability was revealed this week, and it affects ALL version of the software — yes, even version, which was released on Tuesday. The exploit, which is labeled CVE-2015-7645, was masterminded by a group known as Pawn Storm. For now, the exploit hasn’t been directed at the general public, and has instead been used to target government agencies around the world in a wide-scale espionage scheme. 

occupy flash

Adobe has now acknowledged the exploit and says that it affects versions of Flash Player running on Windows, Mac, and Linux platforms. The company also rates the exploit as “Critical,” which is the highest severity rating that it hands out for software vulnerabilities.

“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” said Adobe in a security bulletin. “Adobe is aware of a report that an exploit for this vulnerability is being used in limited, targeted attacks.”

Adobe says that it hopes to have a new version of the Adobe Flash Player available during the week October 19th that resolves this exploit. However, the wise advice would be to simply not wait for the patch at all and instead simply uninstall Adobe Flash Player altogether to save you the security headaches (and save your notebook’s battery while surfing the Internet). 

And if you absolutely must use Adobe Flash Player, we recommend using a browser like Google Chrome that by default puts a muzzle on Flash content until absolutely needed.