Adobe has released an update that addresses vulnerabilities in Adobe Flash Player for Windows, Macintosh, Linux, Solaris, and Android. Systems that are not updated are vulnerable to a crash and potentially allowing a malicious user to take control of the affected system.
Adobe reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only.
The IT Security Office advises users update and exercise caution to avoid clicking on links delivered in email.
Security bulletin names:
APSB12-09 Security update available for Adobe Flash Player
Released: May 4, 2012
Additional information about this vulnerability can be viewed at: http://www.adobe.com/support/security/bulletins/apsb12-09.html
If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or email@example.com. Phone help is available Monday through Friday from 8 a.m. to 7 p.m.
OIT has defined the following categories to describe the severity of security risks:
URGENT severity represents a broad threat to the entire campus community.
SEVERE severity included remote exploits and worms.
IMPORTANT severity includes virus and local exploits for commonly used services.