Earlier this week we reported that after Adobe released its giant update for Flash and Reader, TrendMicro discovered a brand new zero-day exploit for Flash. This exploit was actively being used on web sites to install malware on a victims computer. This vulnerability is now labeled by Adobe as APSA15-05 and is cataloged as CVE-2015-7645. Adobe expects to release an update to patch this issue next week on October 19th.
This vulnerability allows attackers to take control over an exploited computer and there is no workaround other than to disable Flash on your computer. If you do not require Flash, the safest bet will to be disable it in any browsers that you use.
Comments
softeyes - 9 years ago
Mr. Abrams, Thank you for this critical update.
I clicked on your link: https://helpx.adobe.com/security/products/flash-player/apsa15-05.html
Found:
Affected software versions:
Adobe Flash Player 19.0.0.207 and earlier versions for Windows and Macintosh
Checking my Windows Vista computer: You have version 19,0,0,207 installed.
Are you suggesting I disable this version ( or Flash Player) in my Mozilla Firefox browser (would it be true for any browser) or uninstall this version from my Installed Programs, until after the security patch is released, then re-install?
Again, thank you for keeping the BC community and guests so immediately informed about this type of vulnerability!
softeyes - 9 years ago
10/16/2015
Answered here: https://www.bleepingcomputer.com/news/security/adobe-releases-ermgency-update-for-latest-flash-exploit/
Thank you.