Skip to main content
Learn More
Shearman at dusk

Information Security Blog

Information Security Blog

Updates for Multiple Vulnerabilities in Adobe Flash Player

CIS ADVISORY NUMBER: 2014-050

Executive Summary

06/10/2014
A security update has been released to address multiple vulnerabilities in Adobe Flash Player. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages. Successful exploitation of this vulnerability could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts will likely cause denial-of-service conditions.

Threat Intelligence

There currently no reports of these vulnerabilities being exploited in the wild.

Systems Affected

  • Adobe Flash Player 13.0.0.214 and earlier versions for Windows
  • Adobe Flash Player 13.0.0.214 and earlier versions for Macintosh
  • Adobe Flash

Phishing Attempts Continue To Plague Universities

Ignore and Delete Suspicious Email

05/23/2014
McNeese State University is often the subject of phishing attempts in which an email claims to be from a group or person at MSU or claims to be specifically related to University business. Some of the recent attempts claim that your email has exceeded its quota or that you need to verify your account due to a service upgrade. Various other models are seen from time to time, as well. These are fraudulent and should be deleted.

If you received the below email or similar, please ignore and delete it. This is a phishing attempt.

From: "Technical Support"
Reply To: xxxxxxxx@xxxxxxx.xxx

You are required to click on the link to verify your email account because we are upgrading our webmail.

Webmail Technical Support Copyright 2012. All Rights Reserved


Disclaimer:

Google Chrome Could Allow Remote Code Execution

MS-ISAC ADVISORY NUMBER:  2014-048

Executive Summary

05/21/2014
Multiple vulnerabilities have been discovered in Google Chrome that could result in remote code execution. Google Chrome is a web browser used to access the Internet. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the affected application. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Threat Intelligence

At this time, there is no known proof-of-concept code available.

Systems Affected

  • Google Chrome versions prior to 35.0.1916.114

Risk

Government
  • Large and medium government entities: High
  • Small government entities:

Pages