Adobe issues advisory for Flash vulnerability targeting government agencies by Doug Olenick.
From the post:
Adobe has issued a security advisory for an Adobe Flash Player zero-day exploit being used by the folks behind the Pawn Storm cyber espionage campaign to target foreign ministries worldwide.
The critical vulnerability (CVE-2015-7645) has been identified in Adobe Flash Player version 19.0.0.207 and earlier for Windows, Macintosh and Linux. The company expects to issue an update for the vulnerability during the week of Oct. 19. Adobe said in its advisory that a successful exploit could allow the attacker to take control of a vulnerable system.
Adobe is aware that the exploit is being used in limited targeted attacks.
…
Depending upon your target(s), don’t take the projected patch date too seriously.
The 2015 NTT Group Global Threat Intelligence Report found that 76% of the vulnerabilities in the report were over two years old, and 9% were more than ten years old.
I didn’t find data on the patch application curve for Adobe Flash. Assume a bump on release + thirty days and that the curve falls off rather steeply.
If you are defending against this latest in a series of Flash vulnerabilities, disable and then de-install Adobe Flash. That is the only long-term “patch” known to cure all known and unknown Flash vulnerabilities. Plus, it saves IT resources for some purpose other than patching bugware.