One of the vulnerabilities is already being used in cyberespionage attacks Adobe released a patch for a critical vulnerability in Flash Player faster than it originally anticipated in response to high-profile cyberespionage attacks against governmental targets.The latest Flash Player updates released Friday address a flaw that’s already exploited by a Russian espionage group known as Pawn Storm, as well as two other critical vulnerabilities reported privately to Adobe.The CVE-2015-7645 vulnerability is actively exploited by the Pawn Storm group in attacks targeting several foreign affairs ministries from around the globe, security researchers from Trend Micro reported Tuesday.Adobe confirmed the vulnerability Wednesday and initially scheduled a fix for this week. It then exceeded its own expectations and delivered the patch Friday. Users of Flash Player on Windows and Mac are strongly advised to upgrade to version 19.0.0.226, and Linux users to version 11.2.202.540. Users of the extended support release should make sure they’re running the latest 18.0.0.255 version.In addition to fixing CVE-2015-7645, the new updates also address two type confusion vulnerabilities — CVE-2015-7647 and CVE-2015-7648 — reported by Natalie Silvanovich of Google’s Project Zero team. If left unpatched, all three flaws can allow attackers to execute arbitrary code on affected computers and take control of them. Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe