Background
Zero-day vulnerabilities in Adobe Flash Player have recently come to light.
Impact
Sources indicate that at least one vulnerability is actively being exploited in the wild. Successful exploitation of either vulnerability can result in remote code execution.
Platforms Affected
Adobe states that all previously released versions (18.0.0.204 and older) of Adobe Flash are affected, including those bundled with Adobe AIR.
Mitigation
Immediately update Adobe Flash Player to 18.0.0.209 (Windows and Mac) or 11.2.202.481 (Linux).
Immediately update AIR Desktop Runtime to 18.0.0.180.
More version information can be found here.
Note: Windows devices which are configured to use IU's Microsoft Update Service will automatically receive updates relating to this vulnerability.
After a reasonable amount of time, users who continue to run vulnerable versions of Flash or AIR will be directly notified via email.
UISO Recommendations
To help mitigate potential future threats, enable Click-to-Play for the Adobe Flash Player add-on.
Further Reading
- Adobe's Player Download Center site on adobe.com
- Helpful hints for managing the Adobe Flash add-on on macromedia.com
- Enabling 'Click-to-Play' for the Adobe Flash Player add-on on howtogeek.com