Adobe Flash Player has frequent updates. The one released today (Wednesday, July 8, 2015) is one that we urge all members of the University community to install as soon as practical.

Consider this post as a general reminder: Keep your computers, tablets, and devices current. Make sure you have up-to-date versions of all the software you are using. The security of your information depends upon it.

Zero-Day Adobe Flash Player Vulnerability

July 8, 2015

BACKGROUND

A zero-day vulnerability in Adobe Flash Player recently came to public attention. It was dubbed “the most beautiful Flash bug for the last four years” by the hacker group whose leaked documentation led to the publicity of the vulnerability.

IMPACT

Sources indicate that this vulnerability is actively being exploited in the wild. Successful exploitation can result in remote code execution.

PLATFORMS AFFECTED

Adobe states that all previously released versions of Adobe Flash are affected, including those bundled with Adobe AIR.

MITIGATION

Immediately update Adobe Flash Player to 18.0.0.203.

Immediately update AIR Desktop Runtime to 18.0.0.180.

RECOMMENDATION

To help mitigate potential future threats, enable Click-to-Play for the Adobe Flash Player add-on.

REFERENCES

> [1] http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-flash-zero-day-integrated-into-exploit-kits/
> [2] http://www.adobe.com/software/flash/about/
> [3] https://get.adobe.com/flashplayer/
> [4] http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html
> [5] http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/
> [6] http://labs.bromium.com/2015/07/07/adobe-flash-zero-day-vulnerability-exposed-to-public/