Adobe will release an emergency Flash update next week, after attacks using a zero-day exploit against the newest version of the software, 22.214.171.124, on both Windows and Macintosh machines were disclosed earlier this week.
The attack is delivered via a phishing email. Once someone clicks on the phishing link, they are taken to malicious websites that host the exploit. If Flash is installed on your machine, the exploit automatically downloads malware without permission. The malware has been linked to the Russian hacker group Pawn Storm, which is infamous for its attacks on high-profile targets such as the German Parliament and the French television network TV5Monde.
Adobe says the Flash update will be available next week, but didn’t specify which day. The company also didn’t share details about the vulnerability, dubbed CVE-2015-7645, other than to confirm that it is in fact a problem.
Adobe is expected to patch Windows and Mac versions, as well as Adobe Flash Player Extended Support Release version 126.96.36.199 and earlier 18.x versions, and Adobe Flash Player 188.8.131.525 and earlier 11.x versions for Linux.
For information on how you can prevent your organization from being breached, visit www.miltonsecurity.com or call 714-515-4011.