Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Adobe Is Quick to Patch Latest Flash Zero-Day Threat

    By
    Sean Michael Kerner
    -
    October 19, 2015
    Share
    Facebook
    Twitter
    Linkedin
      Adobe Flash flaw

      Adobe just can’t seem to catch a break when it comes to the security of its Flash Player technology. On Oct. 14, Adobe issued an advisory warning about a new zero-day threat against its Flash Player, identified as CVE-2015-7645, which it has since patched.

      Somewhat ironically, the first public report of attacks making use of CVE-2015-7645 emerged on Oct. 13, the same day that Adobe issued its regular monthly update for Flash Player, patching 13 different CVEs. Originally, the plan was to have a patch out this week for CVE-2015-7645, but Adobe was able to accelerate its process and delivered a patch on Oct. 16.

      In its initial advisory for CVE-2015-7645, Adobe credited Trend Micro threat analyst Peter Pi with reporting the issue. Trend Micro publicly reported on Oct. 13 that it had discovered a new Adobe Flash zero-day vulnerability that was being used in the wild by the hacker group behind the Pawn Storm attack. The Pawn Storm attack has been ongoing for several months and has been known to make use of zero-day vulnerabilities. In July, Oracle patched the CVE-2015-2590 Java flaw that Pawn Storm was using in one of its attacks.

      Trend Micro reported that in the new CVE-2015-7645 attack, Pawn Storm was going after foreign affairs ministries around the world with a spear phishing campaign.

      The rapid turnaround for the CVE-2015-7645 zero-day patch is an improvement over Adobe’s historical response times.

      “We continue to have a typical zero-day patch cycle of approximately five to seven days, down from our 2009 zero-day patch cycle of 10 weeks,” Adobe spokesperson Heather Edell told eWEEK. “This fix was fast, but we’ve had others that were patched in similar timeframes—a recent record was 36 hours. A couple of general primary factors that impact release time are partner and distribution coordination.”

      It turns out that, although Adobe initially credited Trend Micro with the discovery of CVE-2015-7645, security researcher Natalie Silvanovich of Google’s Project Zero actually first reported the vulnerability to Adobe on Sept. 29.

      “I reported the Flash 0-day (CVE-2015-7645) two weeks before it was found in the wild,” Silvanovich wrote in a Twitter message.

      In its advisory on the CVE-2015-7645 patch, Adobe credits Trend Micro’s Pi with the detection and analysis of the exploit, and credits Google Project Zero’s Silvanovich for vulnerability research.

      In addition to the CVE-2015-7645 issue, Adobe is patching two additional issues reported by Silvanovich, identified as CVE-2015-7647 and CVE-2015-7648.

      “These updates resolve type confusion vulnerabilities that could lead to code execution,” Adobe states in its advisory.

      Google’s Project Zero has a 90-day disclosure deadline. After 90 days, if a vendor hasn’t patched a reported flaw, Google will publicly disclose the vulnerability.

      Google has been helping Adobe secure Flash Player, with Google Project Zero consistently being a top source of vulnerability disclosure to Adobe across multiple sets of Adobe Flash Player updates this year. Google Project is also providing proactive recommendations to Adobe to help secure Flash.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Avatar
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×