On Dec. 15, a . Adobe reported that this vulnerability was being exploited in the wild and categorized the severity of this vulnerability as “Critical". Threatpost.com published a
which addressed these vulnerabilities.
This vulnerability can be exploited just by visiting a website using Internet Explorer.
If successfully exploited, the vulnerability allows an attacker to gain control of the affected system and install malware. , including those that specifically target banking usernames and passwords.
Flash Player 18.104.22.168 and earlier.
Those managing systems that are not part of Unified Device Management and are not using Secunia's CSI and a local WSUS server should update Flash to the latest version.
University Information Security Office recommendations
- Update Flash to the latest version.
- Only open attachments from trusted senders. As a sender: When appropriate, consider using Box or some other collaborative technology to share file attachments rather than sending them through email.
- Consider in order to help recipients distinguish between mail legitimately sent by you and fakes; this helps users know when to distrust attachments.