Carnegie Mellon University
April 07, 2016

Significant: Adobe Flash Player 0-Day Exploits - APSA16-01

A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier.

Immediately update to the current version of Flash Player.

More details are at https://helpx.adobe.com/security/products/flash-player/apsa16-01.html

WHAT YOU NEED TO DO:
If your computer is managed by Desktop Support or a departmental computing administrator, please consult them before making any changes. 

Immediately update to the current version of Flash Player.

  1. Visit Adobe's About Flash Player to check that you have the latest version.
  2. If the version is not the latest for your browser, visit Adobe's Player Download Center and follow the update instructions.
  3. If available, allow Adobe to install updates automatically. Some browsers (Chrome, Microsoft Edge, and IE 10) will automatically update the Flash plugin for you.
  4. Repeat these steps for each browser you have installed.