ALERT: Apply critical security update for Adobe Flash Player

Tuesday, June 23, 2015

This information was sent to IT staff groups on June 23, 2015.

This message is intended for U-M IT staff who are responsible for maintaining and running university machines that have Adobe Flash Player installed.


Adobe has released a set of security updates for Adobe Flash Player. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. IIA recommends that you update to the latest versions as soon as possible after appropriate testing.

Affected Systems

  • Adobe Flash Player and earlier versions for Windows and Macintosh.
  • Adobe Flash Player Extended Support Release version and earlier 13.x versions for Windows and Macintosh.
  • Adobe Flash Player and earlier 11.x versions for Linux.

Action Items

Update Adobe Flash Player to the latest version by visiting the Adobe Flash Player Download Center.

  • Windows and Mac: Update to Adobe Flash Player
  • Linux: Update to Adobe Flash Player
  • Google Chrome: Will automatically update to Adobe Flash Player version
  • Internet Explorer on Windows 8.x: Adobe Flash Player will automatically update to version
  • Extended Support Release: Update to Adobe Flash Player version by visiting Archived Flash Player Versions.

Technical Details

This critical vulnerability is a heap buffer overflow (CVE-2015-3113) that is being actively exploited in the wild in limited, targeted attacks. According to Adobe, systems running Internet Explorer, as well as Windows XP machines running Firefox, are known targets. If this vulnerability is exploited, an attacker could remotely execute code on unpatched machines.

Information for Users

MiWorkspace machines will be patched as soon as possible. If you have Adobe Flash Player installed on your own devices that are not managed by the university, please update it by visiting the Adobe Flash Player Download Center.

In general, the best protection for your devices is this: keep your software and apps up to date, do not click suspicious links in email, do not open email attachments unless you are expecting them and trust the person who sent them, and only use secure, trusted networks. For more information, see Spam, Phishing, and Suspicious Email, Instructions for Securing Your Devices and Data, and Use a Secure Internet Connection.

Questions, Concerns, Reports

Please contact [email protected].


Donald J. Welch, Ph.D., 
Chief Information Security Officer, 
University of Michigan