This week, Adobe rolled out a security update that patched 13, yes, 13 security vulnerabilities, of which 5 were considered critical. Sadly, this didn’t quite do the trick. Trend Micro discovered yet another critical exploit designated CVE-2015-7645, that is currently being exploited.
It has been discovered that Operation Pawn Storm, a cyber-espionage operation that has been known to target high profile government institutions ad media personalities, has been utilizing this exploit. As of now, all Flash versions are vulnerable to remote control attacks via this exploit.
Adobe is working on a patch for this vulnerability, with expectations of an update rolling out during the week of October 19th.
Flash’s history with security has been problematic at best. Having come under public attack from a Facebook exec earlier this year, Adobe promised that they were actively working on improving the security of the Flash Player. I appears it hasn’t been going so well for them.