Skip to main content

Two additional vulnerabilities found in Adobe Flash Player

VUIT Security Notice: Two more vulnerabilities found in Adobe Flash 

Vanderbilt IT would like to bring the following information to the technical community’s attention, especially those who use Adobe Flash Player for Windows, Mac and Linux. On the heels of last week’s announcement about patching information for Flash, two more critical vulnerabilities have been identified for Windows, Mac and Linux devices—and more are expected to surface.

The affected versions include Adobe Flash Player 18.0.0.203 and earlier versions for Windows and Macintosh; Adobe Flash Player 18.0.0.204 and earlier versions for Linux installed with Google Chrome; Adobe Flash Player Extended Support Release version 13.0.0.302 and earlier 13.x versions for Windows and Macintosh; and Adobe Flash Player Extended Support Release version 11.2.202.481 and earlier 11.x versions for Linux.

The security vulnerability has been identified as critical because it can be exploited remotely and can potentially allow the attacker to take control of the affected machine. In turn, this grants the attacker access to other systems within the network.

VUIT Security Operations will continue to monitor this vulnerability closely and has taken several precautions that include instituting detection capability for possible exploits of this vulnerability and transitioning into prevention mode.

In the meantime, VUIT recommends that users consider disabling or limiting Flash in environments if it is not required for a business function; however, if users must use Flash, it is recommended that they configure their environments to update to the most recent versions and apply the patch supplied by Adobe as soon as possible by following this link: https://helpx.adobe.com/security/products/flash-player/apsa15-04.html.

For more information, please contact VUIT Security Operations at vuit.incident.response@vanderbilt.edu.

 

Sources and References:

https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html