lash for Windows, Mac, and Linux computers.
“A critical vulnerability (CVE-2015-7645) has been identified in Adobe Flash Player 19.0.0.207 and earlier versions for Windows, Macintosh and Linux,” Adobe wrote in a security bulletin posted to its website. “Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.”
This new Flash vulnerability was first discovered by security researchers at Trend Micro. In their research, the attackers behind Pawn Storm, long-running cyber-espionage campaign, are using a new Adobe Flash zero-day exploit.
“Trend Micro researchers have discovered that the attackers behind Pawn Storm are using a new Adobe Flash zero-day exploit in their latest campaign,” Trend Micro wrote. “Pawn Storm is a long-running cyber-espionage campaign known for its high-profile targets and usage of the first Java zero-day we’ve seen in the last couple of years.”
In their recent campaign they are targeting several foreign affair ministries around the globe. The targets receive a phishing e-mail like they lead to information about current affairs. The e-mail contains following subjects:
“Suicide car bomb targets NATO troop convoy Kabul”
“Syrian troops make gains as Putin defends air strikes”
“Israel launches airstrikes on targets in Gaza”
“Russia warns of response to reported US nuke buildup in Turkey, Europe”
“US military reports 75 US-trained rebels return Syria”
The company reassured its customer that they “hopes” to make an update available by next week, though it is unclear if all versions of Flash Player will be patched across all platforms.
The only effective way to protect against this security flaw is completely uninstall the Flash Player from your device.