On Feb. 6, a new critical vulnerability was announced for Adobe Flash Player versions 220.127.116.11 and earlier. Adobe reported that this vulnerability was being exploited in the wild and categorized the severity of this vulnerability as “Critical."
Adobe released an update on Feb. 8 to version 18.104.22.168 that addressed these vulnerabilities.
This vulnerability can be exploited even by users not browsing the web. Malicious emails could also exploit the vulnerability.
If successfully exploited, the vulnerability allows an attacker to gain control of the affected system and install malware.
Flash Player 22.214.171.124 and earlier.
Those managing systems that are not part of Unified Device Management and are not using Secunia's CSI and a local WSUS server should update Flash to the latest version.
- Uninstall Flash, or Disable flash until needed.
- Enable Flash's click-to-play in your browser.
- Update Flash to the latest version.
- Only open attachments from trusted senders. As a sender: When appropriate, consider using Box or some other collaborative technology to share file attachments rather than sending them through email.
- Consider digitally signing email in order to help recipients distinguish between mail legitimately sent by you and fakes; this helps users know when to distrust attachments.
- Enable auto-updates to limit the exposure time to any Flash vulnerability