Adobe has released a patch for CVE-2015-7645, the Flash zero-day that the Pawn Storm cyber-espionage gang has been using to attack foreign ministries across the globe. Adobe initially stated in an advisory Wednesday that it did not expect to have a patch available until next week.
CVE-2015-7645 is a critical vulnerability affecting Adobe Flash versions 19.0.0.207 and earlier for Windows, Mac, and Linux. It allows remote attackers to execute arbitrary code via a specially crafted SWF file, and is rated a 9.3 on the CVSS scale -- 10 for impact, but only 8.6 for exploitability.
The security updates released by Adobe today also patch two other vulnerabilities, CVE-2015-7647 and CVE-2015-7648, that could lead to code execution. No further details about those two bugs have yet been published.
See the Adobe bulletin for more.