Adobe released a patch for a critical vulnerability in Flash Player faster than it originally anticipated in response to high-profile cyber espionage attacks against governmental targets.
The most recent Flash Player updates released Friday address a flaw that’s already exploited by a Russian espionage group referred to as Pawn Storm, in addition to two other critical vulnerabilities reported privately to Adobe.
The CVE-2015-7645 vulnerability is actively exploited by the Pawn Storm group in attacks targeting several foreign affairs ministries from around the globe, security researchers from Trend Micro reported Tuesday.
Adobe confirmed the vulnerability Wednesday and initially scheduled a fix for this week. It then exceeded its own expectations and delivered the patch Friday October 16th.
Users of Flash Player on Windows and Mac are strongly advised to upgrade to version 18.104.22.168, and Linux users to version 22.214.171.1240. Users of the extended support release should ensure that they’re running the most up to date 126.96.36.199 version.
Along with fixing CVE-2015-7645, the new updates also address two type other vulnerabilities– CVE-2015-7647 and CVE-2015-7648– reported by Google’s Project Zero team.
If left unpatched, all three flaws can allow attackers to execute arbitrary code on affected computers and take control of them.