Recently, Information Technology Services was made aware of a zero-day vulnerability for Adobe Flash Player. Dubbed “the most beautiful Flash bug for the last four years” by the hacker group who’s leaked documentation lead to the publicity of the vulnerability. Sources indicate that this vulnerability is actively being exploited in the wild. Successful exploitation could result in remote code execution. Adobe states that all previously released versions of Adobe Flash are affected, including those bundled with Adobe AIR.
Information Technology Services strongly recommends the following action be taken to mitigate this vulnerability
- Immediately update Adobe Flash Player to 18.104.22.168.
- Immediately update AIR Desktop Runtime to 22.214.171.124.
- Enable Click-to-Play for the Adobe Flash Player add-on to help mitigate potential future threats.
+ Adobe’s Player Download Center site
+ Helpful hints for managing the Adobe Flash add-on
+ Enabling ‘Click-to-Play’ for the Adobe Flash Player add-on
+ Details regarding the latest vulnerability