New Flash vulnerability needs uninstall to fix
MANILA, Philippines – If you're still using Adobe Flash on your Windows, Mac, or Linux machine, you may want to finally consider uninstalling it.
Adobe has confirmed a major vulnerability in all versions of Flash that requires users to completely uninstall Flash to be protected against it.
According to a security bulletin on Adobe's site dated October 14, "A critical vulnerability (CVE-2015-7645) has been identified in Adobe Flash Player 184.108.40.206 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system."
Adobe says it expects to patch the issue by the week of October 19. In the meantime, you'll want to check each of your browsers and your system in general to see whether Flash is installed, then disable it in each browser and uninstall it from your computer.
According to BGR, Trend Micro was first to discover the issue, and outlined how the exploit was actually being used by a cyber-espionage campaign known as Pawn Storm.
As Trend Micro's post explained, the campaign "targeted several foreign affairs ministries from around the globe. The targets received spear phishing e-mails that contained links leading to the exploit." In this case, emails and links were crafted to appear like they were leading to information about current events, such as happenings in Syria, Afghanistan, Israel and Palestine, and Russia.
The post added that "the URLs hosting the new Flash zero-day exploit are similar to the URLs seen in attacks that targeted North Atlantic Treaty Organization (NATO) members and the White House in April this year."
While it's known that at least one group is using the exploit to carry out targeted attacks, there's no way to be sure that the vulnerability isn't being used by others. – Rappler.com