On October 11th, 2016, Adobe released security updates for both Adobe Flash[1] and Adobe Acrobat Reader[2] to fix several critical vulnerabilities. If you don’t have Flash or Reader configured to auto-update, ISC strongly recommends that you manually update your installation as soon as possible.
Users in managed environments such as IBM Endpoint Manager can expect to be patched for this vulnerability shortly.
For users in unmanaged environments, ISC strongly recommends configuring the software to use Adobe's automatic update for Flash Player. Available for both Windows and OS X, this update check can be configured to either alert the user to the availability of an update or to automatically install any available Flash Player update. These settings can be found in these locations:
- Windows: click Start > Settings > Control Panel > Flash Player
- OS X: System Preferences > Flash Player (note: under “Other")
Google Chrome (Windows and macOS) and Internet Explorer 10/11 (Windows 8.x only) manage and update their Flash Player instances from within the browser. Windows 7 users of Internet Explorer 10/11 must download and install the plug-in for Flash Player. All web browsers should be restarted following the update.
Adobe states that, by default, Acrobat Reader should update automatically when updates are available.
To download the latest version of Flash Player manually:
https://get.adobe.com/flashplayer/
To download the latest version of Acrobat Reader manually:
For information about the security bulletins:
[1] https://helpx.adobe.com/security/products/flash-player/apsb16-32.html
[2] https://helpx.adobe.com/security/products/acrobat/apsb16-33.html