Despite both Microsoft and Adobe releasing critical patches on Tuesday (10/13/2015), a critical zero-day vulnerability remains unpatched in Adobe’s latest update. As per Adobe APSA15-05, this vulnerability (CVE-2015-7645) remains unpatched is actively being exploited in-the-wild. Adobe plans to release a patch that addresses this vulnerabiltiy at some point during the week of October 19th.
Adobe Flash Player 18.104.22.168 and earlier for Windows and Macintosh
Adobe Flash Player Extended Support Release 22.214.171.124 and earlier 18.x versions
Adobe Flash Player 126.96.36.1995 and earlier 11.x versions for Linux
Recent Patches Address Several Vulnerabilities in Popular Applications
Adobe Reader & Acrobat: ~56 Vulnerabilities Patched
Adobe Flash Player: ~13 Vulnerabilities Patched
Microsoft Windows, Office, & Other Apps: ~36 Vulnerabilities Patched
# of Critical Microsoft Vulnerabilities: 3
Microsoft Application w/ Most Security Issues Addressed: Internet Explorer (& Microsoft Edge)
An archive of Microsoft’s Security Advisories, including those published on Tuesday, can be found at this URL.
About the Author Michael Fratello
Edited by Pierluigi Paganini
(Security Affairs – zero-day, Flash)