Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 1 vulnerability included in the January 2018 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections as necessary.
APSB18-01 – Security updates available for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
CVE-2018-4871 – Flash Player Out-of-bounds Read Vulnerability
This vulnerability occurs because of computation that reads data that is past the end of the target buffer; the computation is part of Adobe Texture Format (ATF) decoding of lossy compressed ETC2 format. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.