Today, October 25th, 2016, Joomla 3.6.4 has been released. It contains two high priority security updates. If you own or administrate a Joomla site, it’s highly recommended that you update your site to this version immediately. In collaboration with the Joomla Security Stike Team (JSST), our team has implemented and tested platform-wide protection from this vulnerability.
In the hours following the release, the CloudAccess.net Abuse Team has not seen any active widespread attacks, although we do expect to see automated bots actively scanning for out-of-date sites on unprotected hosts.