On October 16, Adobe released an emergency patch for a new Adobe Flash Player vulnerability (CVE-2015-7645), which was reportedly used by the attackers behind the Operation Pawn Storm (also known as APT28, Sednit, Fancy Bear, or Tsar Team) advanced persistent threat (APT) campaign. The vulnerability affects Adobe Flash Player 19.0.0.207 and earlier versions for Windows, Mac OS X, and Linux.
Adobe rates the vulnerability as critical and notes that successful exploitation could result in a crash as well as potentially allow an attacker to take control of the affected computer. Symantec is not aware of any indication that the vulnerability is widely exploited in the wild.
The attack group is no stranger to zero-day vulnerabilities: in July 2015, it exploited a then zero-day vulnerability in Java.
Mitigation
Users who are concerned about this issue can temporarily disable Adobe Flash Player in their browser by taking the following steps:
Internet Explorer versions 10 and 11
You can reenable Adobe Flash Player by repeating the same process, selecting “Shockwave Flash Object”, and then clicking on the “Enable” button.
Guidance for users of earlier versions of Internet Explorer is available on the Microsoft website. Select the version of Internet Explorer you are using at the top right corner.
Firefox
You can reenable Adobe Flash Player by repeating the same process, selecting “Shockwave Flash”, and then clicking on the “Enable” button.
Chrome
Protection
Symantec has added coverage for the publicly available proof-of-concept code for this Flash Player vulnerability as:
Antivirus:
Investigations into this attack are ongoing and additional protections may be added. In the meantime, customers are advised to apply the patch as soon as possible. The update also plugs two other security holes (CVE-2015-7647 and CVE-2015-7648) that were not covered by the monthly updates issued on October 13.