Critical Adobe Flash Zero-Day Vulnerability Actively Being Exploited In-the-Wild

Despite both Microsoft and Adobe releasing patches on Tuesday (10/13/2015), a critical Flash zero-day flaw remains unpatched in Adobe’s latest update.

Despite both Microsoft and Adobe releasing critical patches on Tuesday (10/13/2015), a critical zero-day vulnerability remains unpatched in Adobe’s latest update. As per Adobe APSA15-05, this vulnerability (CVE-2015-7645) remains unpatched is actively being exploited in-the-wild. Adobe plans to release a patch that addresses this vulnerabiltiy at some point during the week of October 19th.

Affected Versions:

Adobe Flash Player 19.0.0.207 and earlier for Windows and Macintosh
Adobe Flash Player Extended Support Release 18.0.0.252 and earlier 18.x versions
Adobe Flash Player 11.2.202.535 and earlier 11.x versions for Linux

Recent Patches Address Several Vulnerabilities in Popular Applications

Patch breakdown:

Adobe Reader & Acrobat: ~56 Vulnerabilities Patched
Adobe Flash Player: ~13 Vulnerabilities Patched
Microsoft Windows, Office, & Other Apps: ~36 Vulnerabilities Patched
# of Critical Microsoft Vulnerabilities: 3
Microsoft Application w/ Most Security Issues Addressed: Internet Explorer (& Microsoft Edge)

An archive of Microsoft’s Security Advisories, including those published on Tuesday, can be found at this URL.

About the Author Michael Fratello

Edited by Pierluigi Paganini

(Security Affairs –  zero-day, Flash)