Security Advisory - February 14, 2017

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 12 vulnerabilities included in the February 2017 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections as necessary.

APSB17-04 – Security updates available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Severity: Critical 

Affected Software

• Adobe Flash Player Desktop Runtime 24.0.0.194 and earlier for Windows, Macintosh and Linux
• Adobe Flash Player for Google Chrome 24.0.0.194 and earlier for Windows, Macintosh, Linux and Chrome OS
• Adobe Flash Player for Microsoft Edge and Internet Explorer 11 24.0.0.194 and earlier for Windows 10 and 8.1

CVE-2017-2982 – Flash Player Use After Free Vulnerability
CVE-2017-2984 – Flash Player Heap Overflow Vulnerability
CVE-2017-2985 – Flash Player Use After Free Vulnerability
CVE-2017-2986 – Flash Player Heap Overflow Vulnerability
CVE-2017-2987 – Flash Player Integer Overflow Vulnerability
CVE-2017-2988 – Flash Player Memory Corruption Vulnerability
CVE-2017-2990 – Flash Player Memory Corruption Vulnerability
CVE-2017-2991 – Flash Player Memory Corruption Vulnerability
CVE-2017-2993 – Flash Player Use After Free Vulnerability
CVE-2017-2994 – Flash Player Use After Free Vulnerability
CVE-2017-2995 – Flash Player Type Confusion Vulnerability
CVE-2017-2996 – Flash Player Memory Corruption Vulnerability