What’s the issue?

Adobe posted a notice a few days ago that version 28.0.0.137 and earlier of their Flash player product has a critical security vulnerability.

The vulnerability can be exploited by getting a user to open a document, web page or email containing a specially crafted Flash file. This can be masked as a normal attachment file, with a report of it being delivered via a malicious Microsoft Excel file.

The flaw has been leveraged to distribute malware, but can be used to take control of the affected computer.

At present, attackers are only known to be targeting Windows devices, but given that Macs are also vulnerable, we feel it best to take action now.

 

What are we doing about it?

Adobe have released an update (version 28.0.0.161) that can be used to patch vulnerable systems.

We are keen to ensure systems are as secure as possible so for any clients with a full managed service contract that are running Jamf Pro, we have uploaded the patch and are deploying it immediately.

For clients that have an escalation contract and are using Jamf Pro, we have uploaded the patch and have requested approval from your IT department to get it deployed.

 

Where can you get more information about the issue?

You can read more about this vulnerability on the Adobe site – https://helpx.adobe.com/security/products/flash-player/apsa18-01.html

If you have any questions, you can reach our service desk team on 020 8660 7750 or via email support@moof-it.co.uk.