Adobe Flash Player has frequent updates. The one released today (Wednesday, July 8, 2015) is one that we urge all members of the University community to install as soon as practical.
Consider this post as a general reminder: Keep your computers, tablets, and devices current. Make sure you have up-to-date versions of the all software you are using. The security of your information depends upon it.
Zero-Day Adobe Flash Player Vulnerability
July 8, 2015
BACKGROUND
Recently, awareness of a zero-day vulnerability for Adobe Flash Player surfaced. Dubbed “the most beautiful Flash bug for the last four years”
by the hacker group who’s leaked documentation lead to the publicity of the vulnerability.
IMPACT
Sources indicate that this vulnerability is actively being exploited in the wild. Successful exploitation can result in remote code execution.
PLATFORMS AFFECTED
Adobe states that all previously released versions of Adobe Flash are affected, including those bundled with Adobe AIR.
MITIGATION
Immediately update Adobe Flash Player to 18.0.0.203.
Immediately update AIR Desktop Runtime to 18.0.0.180.
RECOMMENDATION
To help mitigate potential future threats, enable Click-to-Play for the Adobe Flash Player add-on.
REFERENCES
> [1] http://blog.trendmicro.com/
> [2] http://www.adobe.com/software/
> [3] https://get.adobe.com/
> [4] http://www.macromedia.com/
> [5] http://www.howtogeek.com/
> [6] http://labs.bromium.com/2015/