{"id":2157,"date":"2015-10-29T05:11:47","date_gmt":"2015-10-28T21:11:47","guid":{"rendered":"http:\/\/staging.bankvaultonline.com\/?p=2157"},"modified":"2015-10-29T05:11:47","modified_gmt":"2015-10-28T21:11:47","slug":"pawn-store-exploit-patched-adobe","status":"publish","type":"post","link":"https:\/\/www.bankvault.com\/pawn-store-exploit-patched-adobe\/","title":{"rendered":"Pawn Store Exploit Has Been Patched By Adobe"},"content":{"rendered":"<h2>If you love using Flash Player, here is some exciting news for you. On October 14th, Adobe announced that it was issuing an advisory warning about a brand new zero-day threat against its software, Flash Player. This advisory warning was identified as CVE-2015-7645. The new software update has since been patched.<\/h2>\n<p>As nature would have it, on Oct 13th when Adobe announced its regular monthly updates for Flash Player, patching 13 and other different CVEs, the first public report of cyber attacks while making use of <a href=\"https:\/\/helpx.adobe.com\/security\/products\/flash-player\/apsa15-05.html\" target=\"_blank\">CVE-2015-7645<\/a>\u00a0was made. As per the original plan, a patch for CVE-2015-7645 was supposed to come out that very week, however, Adobe managed to hasten the release of the patch to Oct 16th.<\/p>\n<p>Peter Pi a threat analyst at Trend Micro who was the one who reported the issue was recognized by Adobe in its first advisory release of CVE-2015-7645. He made a public announcement on Oct 13th on the fact that he had just found a new Adobe Flash Player zero-day vulnerability which was being used by a cybercriminal group which was behind the Pawn Storm attack.<\/p>\n<p>The Pawn Storm attacks had been going on for several months prior and it was well identified as an opportunist user of zero-day vulnerabilities. Oracle had patched CVE-2015-2590 Java problem in July which Pawn Storm had been using in its attacks. Trend Micro discovered that Pawn Storm was targeting foreign affairs ministries from all over the globe with a spear phishing campaign with this patch.<\/p>\n<p>Adobe\u2019s response time for the CVE-2015-7645 zero-day patch was definitely a great improvement.<\/p>\n<p>According to Adobe spokesperson Heather Edell when he spoke to eWEEK, the company continues to have typical zero-day patches every other five to seven days. This is a great improvement from a zero-day cycle of ten days in 2009. Much as this particular fix was fast, he said that there was one done in a record 36 hours. There are also some basic factors that influence and impact the release time such as partner and distribution corroboration.<\/p>\n<p>Natalie Silvanovich of <a href=\"http:\/\/googleprojectzero.blogspot.com.au\" target=\"_blank\">Google\u2019s Project Zero<\/a> disputes that Trend Micro was the one who discovered the CVE-2015-7645. According to Silvanovich through a Twitter message, she reported the Flash-0 two weeks (Sept 29th) two weeks before Trend found it out there in the wild.<\/p>\n<p>Adobe in its advisory credits Silvanovich for doing vulnerability research. On the other hand, Adobe recognizes Trend Micro\u2019s Pi for the detection and the analysis of the possible exploits of the CVE-215-7645. Moreover, Adobe is working on two patches which were reported by Silvanovich and which are identified as CVE-2015-7647 and CVE-2015-7648. As Adobe states in the advisory, these additional updates are meant to resolve any confusion that might arise regarding vulnerabilities which could then lead to code execution.<\/p>\n<p>According to Google\u2019s Project Zero regulations, a disclosure deadline of 90 days is normally allowed. However, if a vendor hasn\u2019t prepared a patch for a reported flaw, Google will go ahead and disclose this vulnerability.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you love using Flash Player, here is some exciting news for you. On October 14th, Adobe announced that it was issuing an advisory warning about a brand new zero-day threat against its software, Flash Player. This advisory warning was identified as CVE-2015-7645. The new software update has since been patched. As nature would have [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":2900,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[37],"tags":[175,178,179],"class_list":["post-2157","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-news","tag-adobe-flash","tag-flash-player","tag-patching"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Pawn Store Exploit Has Been Patched By Adobe - BankVault<\/title>\n<meta name=\"description\" content=\"On October 14th, Adobe announced that it was issuing an advisory warning about a brand new zero-day threat against its software, Flash Player.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.bankvault.com\/pawn-store-exploit-patched-adobe\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Pawn Store Exploit Has Been Patched By Adobe - BankVault\" \/>\n<meta property=\"og:description\" content=\"On October 14th, Adobe announced that it was issuing an advisory warning about a brand new zero-day threat against its software, Flash Player.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.bankvault.com\/pawn-store-exploit-patched-adobe\/\" \/>\n<meta property=\"og:site_name\" content=\"BankVault\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/BankVaultOnline\/\" \/>\n<meta property=\"article:published_time\" content=\"2015-10-28T21:11:47+00:00\" \/>\n<meta name=\"author\" content=\"BankVault\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@bankvaultonline\" \/>\n<meta name=\"twitter:site\" content=\"@bankvaultonline\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"BankVault\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Pawn Store Exploit Has Been Patched By Adobe - BankVault","description":"On October 14th, Adobe announced that it was issuing an advisory warning about a brand new zero-day threat against its software, Flash Player.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.bankvault.com\/pawn-store-exploit-patched-adobe\/","og_locale":"en_US","og_type":"article","og_title":"Pawn Store Exploit Has Been Patched By Adobe - BankVault","og_description":"On October 14th, Adobe announced that it was issuing an advisory warning about a brand new zero-day threat against its software, Flash Player.","og_url":"https:\/\/www.bankvault.com\/pawn-store-exploit-patched-adobe\/","og_site_name":"BankVault","article_publisher":"https:\/\/www.facebook.com\/BankVaultOnline\/","article_published_time":"2015-10-28T21:11:47+00:00","author":"BankVault","twitter_card":"summary_large_image","twitter_creator":"@bankvaultonline","twitter_site":"@bankvaultonline","twitter_misc":{"Written by":"BankVault","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.bankvault.com\/pawn-store-exploit-patched-adobe\/#article","isPartOf":{"@id":"https:\/\/www.bankvault.com\/pawn-store-exploit-patched-adobe\/"},"author":{"name":"BankVault","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/76e0aa85d5ac5405b47c0760eb9ab639"},"headline":"Pawn Store Exploit Has Been Patched By Adobe","datePublished":"2015-10-28T21:11:47+00:00","dateModified":"2015-10-28T21:11:47+00:00","mainEntityOfPage":{"@id":"https:\/\/www.bankvault.com\/pawn-store-exploit-patched-adobe\/"},"wordCount":515,"commentCount":0,"publisher":{"@id":"https:\/\/www.bankvault.com\/#organization"},"image":{"@id":"https:\/\/www.bankvault.com\/pawn-store-exploit-patched-adobe\/#primaryimage"},"thumbnailUrl":"","keywords":["Adobe flash","Flash player","patching"],"articleSection":["IT security news"],"inLanguage":"en-AU","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.bankvault.com\/pawn-store-exploit-patched-adobe\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.bankvault.com\/pawn-store-exploit-patched-adobe\/","url":"https:\/\/www.bankvault.com\/pawn-store-exploit-patched-adobe\/","name":"Pawn Store Exploit Has Been Patched By Adobe - BankVault","isPartOf":{"@id":"https:\/\/www.bankvault.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.bankvault.com\/pawn-store-exploit-patched-adobe\/#primaryimage"},"image":{"@id":"https:\/\/www.bankvault.com\/pawn-store-exploit-patched-adobe\/#primaryimage"},"thumbnailUrl":"","datePublished":"2015-10-28T21:11:47+00:00","dateModified":"2015-10-28T21:11:47+00:00","description":"On October 14th, Adobe announced that it was issuing an advisory warning about a brand new zero-day threat against its software, Flash Player.","breadcrumb":{"@id":"https:\/\/www.bankvault.com\/pawn-store-exploit-patched-adobe\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.bankvault.com\/pawn-store-exploit-patched-adobe\/"]}]},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.bankvault.com\/pawn-store-exploit-patched-adobe\/#primaryimage","url":"","contentUrl":""},{"@type":"BreadcrumbList","@id":"https:\/\/www.bankvault.com\/pawn-store-exploit-patched-adobe\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.bankvault.com\/"},{"@type":"ListItem","position":2,"name":"Pawn Store Exploit Has Been Patched By Adobe"}]},{"@type":"WebSite","@id":"https:\/\/www.bankvault.com\/#website","url":"https:\/\/www.bankvault.com\/","name":"BankVault","description":"cybersecurity","publisher":{"@id":"https:\/\/www.bankvault.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.bankvault.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-AU"},{"@type":"Organization","@id":"https:\/\/www.bankvault.com\/#organization","name":"BankVault","url":"https:\/\/www.bankvault.com\/","logo":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.bankvault.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.bankvault.com\/wp-content\/uploads\/2018\/11\/BankVault-Logo-Light.png","contentUrl":"https:\/\/www.bankvault.com\/wp-content\/uploads\/2018\/11\/BankVault-Logo-Light.png","width":1212,"height":275,"caption":"BankVault"},"image":{"@id":"https:\/\/www.bankvault.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/BankVaultOnline\/","https:\/\/x.com\/bankvaultonline"]},{"@type":"Person","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/76e0aa85d5ac5405b47c0760eb9ab639","name":"BankVault","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","caption":"BankVault"},"url":"https:\/\/www.bankvault.com\/author\/bankvault\/"}]}},"_links":{"self":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts\/2157","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/comments?post=2157"}],"version-history":[{"count":0,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts\/2157\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/media?parent=2157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/categories?post=2157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/tags?post=2157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}