informa
1 MIN READ
Quick Hits

Adobe Patches Pawn Storm Zero-Day Ahead Of Schedule

Critical bug wasn't expected to be fixed until next week.

Adobe has released a patch for CVE-2015-7645, the Flash zero-day that the Pawn Storm cyber-espionage gang has been using to attack foreign ministries across the globe. Adobe initially stated in an advisory Wednesday that it did not expect to have a patch available until next week. 

CVE-2015-7645 is a critical vulnerability affecting Adobe Flash versions 19.0.0.207 and earlier for Windows, Mac, and Linux. It allows remote attackers to execute arbitrary code via a specially crafted SWF file, and is rated a 9.3 on the CVSS scale -- 10 for impact, but only 8.6 for exploitability.

The security updates released by Adobe today also patch two other vulnerabilities, CVE-2015-7647 and CVE-2015-7648, that could lead to code execution. No further details about those two bugs have yet been published.

See the Adobe bulletin for more.

Editors' Choice
Evan Schuman, Contributing Writer, Dark Reading
Tara Seals, Managing Editor, News, Dark Reading
Jeffrey Schwartz, Contributing Writer, Dark Reading