Adobe releases security patch for Flash zero-day flaw ahead of schedule

Adobe has released security updates for Adobe Flash Player.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. The Adobe Flash zero-day vulnerability was affecting all versions of Flash including Windows, OS X, and Linux operating systems. [caption id=“attachment_757535” align=“alignleft” width=“380”] Associated Press[/caption] Adobe released the emergency patch much sooner than the forecast. The vulnerability was spotted by Trend Micro  last week, but Adobe said it would be able to roll out an out-of-cycle security update sometime this week. Last week, Trend Micro in a blog post wrote, “Our analysis of the Adobe Flash zero-day vulnerability used in the latest Pawn Storm campaign reveals that the previous mitigation techniques introduced by Adobe were not enough to secure the platform. Used in Pawn Storm to target certain foreign affairs ministries, the vulnerability identified as CVE-2015-7645 represents a significant change in tactics from previous exploits. It is important to note that Adobe has released the bulletin APSB15-27 to address this vulnerability; the latest version of Flash (19.0.0.226) is no longer vulnerable.” In a response to Trend Micro’s discovery, Adobe in an advisory said, “Adobe is aware of a report that an exploit for this vulnerability is being used in limited, targeted attacks. Adobe expects to make an update available during the week of October 19.”