• Skip to Content
  • Skip to Main Navigation
  • Skip to Search

Indiana University Indiana University IU

Open Search
  • Personal Preparedness
    • Keeping data safe
    • Email & phishing scams
    • Secure data removal
    • IU passphrases
    • Using social media
    • Web privacy
    • Account privileges
    • Remote Desktop
    • Cybersecurity while traveling
    • Identity verification
    • Hardware & software security
      • Laptop & mobile device security
      • Malware, scareware, & ransomware
      • Storage drives
      • Wearable technologies
      • Protecting data in copiers and multifunction devices
      • Use of survey software
      • Solid State Drives
    • File sharing & copyright
      • Contesting copyright infringement notices
      • Disabling peer-to-peer file sharing
      • Copyright tutorial
      • Copyright infringement incident resolution
  • Information & IT Policies
    • The Policy Hierarchy explained
    • Privacy policies & FAQ
    • Acceptable Use Agreement
    • Information & IT Policy Process
    • Cyber Risk Mitigation Responsibilities (IT-28) Review
    • Federal & international regulations
    • Indiana Data Protection laws FAQ
    • IT-12.1 Mobile Device Security Standard
  • Information Security & Privacy Program
    • Safeguards
      • Risk assessment and treatment
      • Policy administration
      • Organization
      • Asset management
      • Human resources
      • Physical & environmental security
      • Communications & operations management
      • Identity & access control
      • Information systems acquisition, development, and maintenance
      • Incident management
      • Business continuity management
      • Compliance
    • Governance
    • Principles
  • Protecting Data & Privacy
    • Privacy matters
      • Privacy harms
      • Privacy principles
      • Understanding and protecting privacy
    • Sensitive data
      • Guidelines
    • Sharing institutional data with third parties
  • Resources for IT Professionals
    • Cloud computing
    • Audits & requirements
    • Data encryption
    • Back up data
    • Information security best practices
    • CIS Benchmarks
    • Disaster recovery planning
    • Managing employee data
    • Medical device security
    • Transferring data securely
    • Using SSH
    • Additional resources
      • Privacy Notice Generator
      • Training & awareness
      • Incident Response Webservice
      • Penetration test
      • SSL/TLS certificates
      • Vulnerability scanners
  • About
    • Glossary of Terms
    • Trustees Resolution
  • Contact
  • Report an Incident
    • Report Privacy Incident or Request Assistance
    • Emergency IT Incidents
    • Managing Incidents
    • Identity Theft
    • Reporting Suspected Sensitive Data Exposures

Information Security & Policy

  • Home
  • Personal Preparedness
    • Keeping data safe
    • Email & phishing scams
    • Secure data removal
    • IU passphrases
    • Using social media
    • Web privacy
    • Account privileges
    • Remote Desktop
    • Cybersecurity while traveling
    • Identity verification
    • Hardware & software security
    • File sharing & copyright
  • Information & IT Policies
    • The Policy Hierarchy explained
    • Privacy policies & FAQ
    • Acceptable Use Agreement
    • Information & IT Policy Process
    • Cyber Risk Mitigation Responsibilities (IT-28) Review
    • Federal & international regulations
    • Indiana Data Protection laws FAQ
    • IT-12.1 Mobile Device Security Standard
  • Information Security & Privacy Program
    • Safeguards
    • Governance
    • Principles
  • Protecting Data & Privacy
    • Privacy matters
    • Sensitive data
    • Sharing institutional data with third parties
  • Resources for IT Professionals
    • Cloud computing
    • Audits & requirements
    • Data encryption
    • Back up data
    • Information security best practices
    • CIS Benchmarks
    • Disaster recovery planning
    • Managing employee data
    • Medical device security
    • Transferring data securely
    • Using SSH
    • Additional resources
  • Search
  • About
  • Contact
  • Report an Incident
  • Home
  • Security Bulletins
  • Flash

Malware exploiting latest Adobe Flash vulnerability circulating on the Internet

Thursday, February 08, 2018

Background

On Feb. 6, a new critical vulnerability was announced for Adobe Flash Player versions 28.0.0.137 and earlier. Adobe reported that this vulnerability was being exploited in the wild and categorized the severity of this vulnerability as “Critical."

Adobe released an update on Feb. 8 to version 28.0.0.161 that addressed these vulnerabilities.

Impact

This vulnerability can be exploited even by users not browsing the web. Malicious emails could also exploit the vulnerability.

If successfully exploited, the vulnerability allows an attacker to gain control of the affected system and install malware.

Platforms affected

Flash Player 28.0.0.137 and earlier.

Local observations

Those managing systems that are not part of Unified Device Management and are not using Secunia's CSI and a local WSUS server should update Flash to the latest version.

UISO recommendations

  • Uninstall Flash, or Disable flash until needed.
  • Enable Flash's click-to-play in your browser.
  • Update Flash to the latest version.
  • Only open attachments from trusted senders. As a sender: When appropriate, consider using Box or some other collaborative technology to share file attachments rather than sending them through email.
  • Consider digitally signing email in order to help recipients distinguish between mail legitimately sent by you and fakes; this helps users know when to distrust attachments.
  • Enable auto-updates to limit the exposure time to any Flash vulnerability

Information Security & Policy resources

  • Leading in Cybersecurity
  • IU Data Management

Indiana University

Accessibility | Privacy Notice | Copyright © 2020 The Trustees of Indiana University