Thompson Rivers University
Thompson Rivers University

Alerts

Adobe Releases Security Updates for Flash Player https://www.us-cert.gov/ncas/current-activity/2015/10/16/Adobe-Releases-Security-Updates-Flash-Player

Adobe has released security updates to address multiple vulnerabilities in Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-27 [1] and apply the necessary updates.

[1] Adobe Security Bulletin APSB15-27

https://helpx.adobe.com/security/products/flash-player/apsb15-27.html

++++++++++++++++++++++++++++++++++++++++++++++++++++++++

StageFright – Android vulnerability

A vulnerability has been discovered in the Android operating system that allows an attacker to access data stored on your device or remotely install software merely by having your mobile phone number. This is vulnerability is being referred to as “StageFright”. All Android based phones after and including versions 2.2 are vulnerable.

An attacker can use your mobile number to remotely execute code using a media file delivered via text message such as a picture or video message. You are especially vulnerable if you have your device configured to auto-download media in your messaging apps.

To prevent auto-downloading on your Android device, review the settings for your default SMS client.

    Google Hangouts as default SMS:
        Open Google Hangouts
        Choose Settings
        Select SMS
        Scroll down and turn off Auto Retrieve MMS
    Google Messenger as default SMS:
        Open Messenger App
        Go to right hand of application and select the three dots
        Choose Settings
        Choose Advanced
        Turn off Auto-retrieve
    Other (using default messaging app):
        Go to Messages App
        Select More
        Select Settings
        Select Multimedia Messages
        Turn OFF Auto retrieve

This does not protect you from choosing to open or view unsolicited messages, webpages, links, etc. Safe surfing and texting habits still apply.

It is recommended that you contact your device manufacturer and cellular data provider to identify if and when a patch may be available for your individual device and operating system.  For more information about this vulnerability and the status of a patch for many Android vendors, please see the following National Cyber Awareness System Vulnerability Note:

http://www.kb.cert.org/vuls/id/924951