Security Advisory - January 9, 2018
Zscaler protects against 1 new vulnerability for Adobe Flash Player.
Zscaler, working with Microsoft through its MAPP program, has proactively deployed protections for the following vulnerability included in the January 2018 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections as necessary.
APSB18-01 – Security updates available for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
- Adobe Flash Player Desktop Runtime 18.104.22.168 for Windows, Linux & Macintosh
- Adobe Flash Player for Google Chrome 22.214.171.124 for Windows, Macintosh, Linux and Chrome OS
- Adobe Flash Player Microsoft Edge and Internet Explorer 11 126.96.36.199 for Windows 10 and Windows 8.1
CVE-2018-4871 – Flash Player Out-of-bounds Read Vulnerability
This vulnerability occurs because a computation reads data past the end of the target buffer; the computation is part of Adobe Texture Format (ATF) decoding of the lossy compressed ETC2 format. The cause is the use of an invalid (out-of-range) pointer offset when accessing internal data structure fields. A successful attack can lead to sensitive data exposure.