Jamf Nation Community

RobertHammen · ‎01-22-2015

Suggest disabling Flash Player until they release a new version (newer than the 16.0.0.287 released today) next week to address a nasty 0-day vulnerability that is being widely exploited on the net:

http://helpx.adobe.com/security/products/flash-player/apsa15-01.html
http://research.zscaler.com/2015/01/malvertising-leading-to-flash-zero-day.html

Corporate clients with web filter/firewalls should block compromised advertising networks like

oneclickads.net
adcash.com

taugust04 · ‎01-22-2015

Wow. Counting next weeks update, we're are almost at four Flash Player patches in four weeks here!

Nix4Life · ‎01-23-2015

Nice catch @RobertHammen...munki test branch saves the day..again

LS

kstrick · ‎01-23-2015

Silver lining (maybe) is that I think it doesn't directly effect Macs, since it relies on DLL's and the registry.
Adobe still needs to get their stuff in order, it's ridiculous how many holes flash has in it.

lsmc08 · ‎01-23-2015

@RobertHammen, thanks for sharing this info!

tobiaslinder · ‎01-24-2015

To be on the safe side I just sent a policy with this command to a few thousand devices:

#!/bin/sh
# Script to remove Flash Player for security purposes.
# anykey IT AG, Tobias Linder, 24.01.2015

if [ -d "/Library/Internet Plug-Ins/Flash Player.plugin" ]; then
rm -r /Library/Internet Plug-Ins/Flash Player.plugin
rm -r /Library/Internet Plug-Ins/flashplayer.xpt
rm -r /Library/PreferencePanes/Flash Player.prefPane
/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType hud -title "Flash Player deactivated" -description "We have deactivated Flash Player for you because of a security exploit. The moment Adobe will patch the hole we will re-activate the Player again.

best regards, anykey IT AG"
echo Successfully removed Adobe Flash Player

else
echo Flash Player is already removed

fi

exit 0

gregneagle · ‎01-24-2015

Flash Player will run just fine from ~/Library/Internet Plugins...

And what about the Flash Player embedded in Chrome?

tobiaslinder · ‎01-24-2015

@gregneagle][/url: good point, I should also scan the ~/Library folder. Thanks so much for causing me extra work on Sunday :-)

On the news sites I consulted they said that there are no known preaches with Google Chrome. Anyone having seen other info?

tobiaslinder · ‎01-25-2015

Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24:

http://helpx.adobe.com/security/products/flash-player/apsa15-01.html

I updated it on one machine and then created a pkg with Composer to distribute to the other machines.

bvrooman · ‎01-26-2015

16.0.0.296 is available from the enterprise distribution site now, as well.

tobiaslinder · ‎01-26-2015

thanks @bvroomnan

Jamf Nation Community

Beware Flash Player - new 16.0.0.287 doesn't fix 0-day...