This information was sent to IT staff groups via email on May 13, 2015, with an update on May 27, 2015.
This message is intended for U-M IT staff who are responsible for maintaining and running university machines that have Adobe Flash Player and/or Adobe AIR products installed.
May 27 Update: Adobe Flash Player vulnerability CVE-2015-3090 is now being actively exploited. Unpatched machines can be compromised in order to deliver malware. Update affected machines as soon as possible. MiWorkspace-managed machines have been patched and are no longer at risk.
On May 12, Adobe released another set of security updates for Adobe Flash Player and AIR products for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions.
- Adobe Flash Player 22.214.171.124 and earlier versions
- Adobe Flash Player 126.96.36.1991 and earlier 13.x versions
- Adobe Flash Player 188.8.131.527 and earlier 11.x versions
- AIR Desktop Runtime 184.108.40.206 and earlier versions
- AIR SDK and SDK & Compiler 220.127.116.11 and earlier versions
- Windows and Mac: Update to Adobe Flash Player 18.104.22.168.
- Linux: Update to Adobe Flash Player 22.214.171.1240.
- Google Chrome: Will automatically update to version 126.96.36.199.
- Internet Explorer on Windows 8.x: Will automatically update to version 188.8.131.52.
- Extended Support Release: Update to version 184.108.40.2069 by visiting Archived Flash Player Versions.
- Adobe AIR desktop runtime: Update to version 220.127.116.11.
- Adobe AIR SDK and AIR SDK & Compiler: Update to version 18.104.22.168.
MiWorkspace machines will be updated today, May 13. If you have Adobe Flash Player installed on your own devices that are not managed by the university, please update by visiting the Adobe Flash Player Download Center.
In general, the best protection for your devices is this: keep your software and apps up-to-date, do not click suspicious links in email, do not open email attachments unless you are expecting them and trust the person who sent them, and only use secure, trusted networks. For more information, see Spam, Phishing, and Suspicious Email, Instructions for Securing Your Devices and Data, and Use a Secure Internet Connection.
lease contact firstname.lastname@example.org.
ITS Information and Infrastructure Assurance