This information was sent to IT staff groups via email on May 13, 2015, with an update on May 27, 2015.
This message is intended for U-M IT staff who are responsible for maintaining and running university machines that have Adobe Flash Player and/or Adobe AIR products installed.
May 27 Update: Adobe Flash Player vulnerability CVE-2015-3090 is now being actively exploited. Unpatched machines can be compromised in order to deliver malware. Update affected machines as soon as possible. MiWorkspace-managed machines have been patched and are no longer at risk.
- Adobe’s AIR is short for Adobe Integrated Runtime application, which lets developers create apps that can run on multiple platforms without needing any additional coding requirements. The software is quite powerful and provides tools that can help you enhance the user experience, irrespective of the device on which the app runs.
- To learn more about HARMAN’s solutions for Adobe AIR, Adobe Flash Player or the migration of Flash content, contact us today. Adobe Flash Player or the migration.
Flash Player was used internally by the Adobe Integrated Runtime (AIR), to provide a cross-platform runtime environment for desktop applications and mobile applications. AIR supports installable applications on Windows, Linux, macOS, and some mobile operating systems such as iOS and Android. Update Adobe Flash Player to the latest version by visiting Adobe Flash Player Download Center. Update Adobe AIR products by visiting Adobe AIR Download Center. Windows and Mac: Update to Adobe Flash Player 17.0.0.188. Linux: Update to Adobe Flash Player 11.2.202.460. Google Chrome: Will automatically update to version 17.0.0.188. Applications created on Win and Mac Projector will continue to work after 2020, since they do not rely on a web browser, Flash Player plug-in, Adobe AIR, or any other platform runtime. That is, I can continue to develop my applications and export as a projector (.exe and.app) and use them even after 2020.
Summary
On May 12, Adobe released another set of security updates for Adobe Flash Player and AIR products for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions.
Affected Versions
- Adobe Flash Player 17.0.0.169 and earlier versions
- Adobe Flash Player 13.0.0.281 and earlier 13.x versions
- Adobe Flash Player 11.2.202.457 and earlier 11.x versions
- AIR Desktop Runtime 17.0.0.144 and earlier versions
- AIR SDK and SDK & Compiler 17.0.0.144 and earlier versions
Action Items
Update Adobe Flash Player to the latest version by visiting Adobe Flash Player Download Center. Update Adobe AIR products by visiting Adobe AIR Download Center.
- Windows and Mac: Update to Adobe Flash Player 17.0.0.188.
- Linux: Update to Adobe Flash Player 11.2.202.460.
- Google Chrome: Will automatically update to version 17.0.0.188.
- Internet Explorer on Windows 8.x: Will automatically update to version 17.0.0.188.
- Extended Support Release: Update to version 13.0.0.289 by visiting Archived Flash Player Versions.
- Adobe AIR desktop runtime: Update to version 17.0.0.172.
- Adobe AIR SDK and AIR SDK & Compiler: Update to version 17.0.0.172.
Information for Users
MiWorkspace machines will be updated today, May 13. If you have Adobe Flash Player installed on your own devices that are not managed by the university, please update by visiting the Adobe Flash Player Download Center.
In general, the best protection for your devices is this: keep your software and apps up-to-date, do not click suspicious links in email, do not open email attachments unless you are expecting them and trust the person who sent them, and only use secure, trusted networks. For more information, see Spam, Phishing, and Suspicious Email,Instructions for Securing Your Devices and Data, and Use a Secure Internet Connection.
Questions, Concerns, Reports
Please contact iia.inform@umich.edu.
Sincerely,
ITS Information and Infrastructure Assurance
References
Flash Player Ipad Air 3
- Adobe Security Bulletin (Adobe, 5/12/15)
- Adobe, Microsoft Push Critical Security Fixes (Krebs on Security, 5/12/15)
- Angler EK Exploiting Adobe Flash CVE-2015-3090 (FireEye, 5/26/15)
Since its release in 2008, the Adobe AIR runtime has enabled developers to create and deploy Flex, ActionScript and HTML-based content as standalone desktop apps, as well as native iOS and Android apps running on mobile devices since 2010. We’ve been impressed by the broad set of AIR apps and games created by the developer community – reaching hundreds of millions of desktop and mobile devices. Adobe values the work of the developer community, and we’ve incorporated feedback received over the years into our runtimes and product roadmaps.
Adobe remains committed to providing exceptional tools and services for designers and developers to create engaging content. We also leverage our robust partner ecosystem to enhance product development and meet our customers’ needs with evolving desktop and mobile app development tools.
As of June 2019, Adobe is transitioning ongoing platform support and feature development of AIR to HARMAN. This will coincide with an Adobe-issued update of AIR, v32, for supported mobile and desktop platforms. HARMAN has a long-standing history as an Adobe AIR partner, maintains knowledge of the platform and ecosystem, and is well-positioned to support AIR developers moving forward.
HARMAN (a wholly‐owned subsidiary of Samsung Electronics Co., Ltd.) designs and engineers connected products and solutions for automakers, consumers, and enterprises worldwide. HARMAN’s software services power billions of mobile devices and systems that are connected, integrated and secure across all platforms, from work and home to car and mobile. Adobe has a long history collaborating with HARMAN, which is a key partner for Flash runtime migration and enterprise support as companies transition their existing ActionScript and Flex applications to new technologies. HARMAN has also been supporting customers with bespoke versions of Adobe AIR for the past decade.
Adobe will provide basic security support – limited to security fixes only for desktop platforms (Windows 7 and above, and Mac OS X) – for Adobe AIR v32 until the end of 2020. After that time, Adobe support for AIR will be discontinued and ongoing support will be managed by HARMAN and communicated by them directly. However, beginning with the release of AIR v33 by HARMAN, developers should contact HARMAN directly for AIR support on both mobile and desktop platforms – including bug fixes, platform compatibility, and new and improved functionality.
Flash Player Mac Air
For more information about the transition of AIR, please visit HARMAN’s website and the Adobe AIR Community Forum. AIR developers needing assistance can also contact HARMAN at adobe.support@harman.com.