The Hacking Team, a group of digital activists, was hacked earlier this summer. Within the data that was compromised, three Adobe Flash vulnerabilities were discovered; CVE-2015-5123, CVE-2015-5122, CVE-2015-5119.
Adobe has patched two of the three vulnerabilities but has yet to release a patch for the third. While Adobe has committed to patching all three vulnerabilities by the end of the week, many organizations are putting protections in place. For example, Mozilla Firefox is now blocking Adobe Flash by default. The block will remain in place until a version is running that contains a patch for all three vulnerabilities.
Below are some additional tips to protect yourself from the Adobe Flash vulnerabilities:
– Make sure you have Symantec installed and updated! (http://www.northeastern.edu/its/services/software/sep/)
– Avoid using Adobe Flash. Please see below for instructions on how to disable Adobe Flash in your browser.
– If you must use flash, use Firefox or Chrome. Both have a built-in “sandbox” feature which “adds an additional layer of protection to your browser by protecting against malicious web pages that try to leave programmes on your computer, monitor your web activities or steal private information from your hard drive” (https://tools.google.com/dlpage/res/chrome/en-GB/more/security.html)
Disabling Adobe Flash:
Internet Explorer versions 10 and 11
Open Internet Explorer
Click on the “Tools” menu, and then click “Manage add-ons”
Under “Show”, select “All add-ons”
Select “Shockwave Flash Object” and then click on the “Disable” button
You can re-enable Adobe Flash Player by repeating the same process, selecting “Shockwave Flash Object”, and then clicking on the “Enable” button.
Guidance for users of earlier versions of Internet Explorer is available on the Microsoft website. Select the version of Internet Explorer you are using at the top right corner.
Open the browser menu and click “Add-ons”
Select the “Plugins” tab
Select “Shockwave Flash” and click “Disable”
You can re-enable Adobe Flash Player by repeating the same process, selecting “Shockwave Flash”, and then clicking on the “Enable” button.
Type “chrome:plugins” in the address bar to open the page
On the Plugins page that appears, find the “Flash” listing
To disable Adobe Flash Player completely, click the “Disable” link under its name
To enable Adobe Flash Player, click the “Enable” link under its name