Archive for January 2015

Adobe Flash Player Exploit Found - What you can do protect your systems.

by in , , , , , , , , , , , ,

Adobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player. Additionally, Adobe is investigating reports that a separate exploit for Flash Player 16.0.0.287 and earlier also exists in the wild. For the latest information, please refer to the PSIRT blog here.  You may find more information about the Adobe Security Bulletin here.


Here are instructions on how to disable Adobe Flash in current browsers. If Flash is disabled, it can be temporarily re-enabled if needed. Follow the steps for all browsers used. If you use multiple browsers it may be simpler to uninstall Adobe Flash: http://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html.

Mac

Firefox
  1. On the Firefox tool bar go to Tools 
  2. Select Add-ons 
  3. In the Plugins tab, set Shockwave Flash to Never Activate 
Safari
  1. On the Safari tool bar go to Safari > Preferences… 
  2. In the Security tab, ensure Allow Plug-ins is checked 
  3. Click on the Manage Website Settings… button 
  4. Select Adobe Flash Player 
  5. In the dropdown, select When visiting other websites: Block 
  6. Click on the Done button 
  7. Close the Preferences dialog box 
Chrome
  1. Type chrome:plugins in the address bar to open the Plug-ins page 
  2. On the Plug-ins page that appears, find Adobe Flash Player 
  3. Click the Disable ​link under its name 

Windows

Firefox
  1. Go to the Firefox menu button 
  2. Select Add-ons 
  3. In the Plugins tab, set Shockwave Flash to Never Activate 
Internet Explorer
  1. Click the Tools button, and then click Manage add-ons 
  2. Under Show, click All add-ons, and then select Shockwave Flash Object 
  3. Click Disable, and then click Close 
Chrome

  1. Type chrome:plugins in the address bar to open the Plug-ins page 
  2. On the Plug-ins page that appears, find Adobe Flash Player 
  3. Click the Disable ​link under its name