Security Advisory - June 16, 2016

Zscaler protects against 14 new vulnerabilities for Adobe Flash Player

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 14 vulnerabilities included in the June 2016 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections as necessary.

APSA16-03 – Security Advisory for Adobe Flash Player

A critical vulnerability exists in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

Severity: Critical

Affected Software

  • Adobe Flash Player 21.0.0.242 and earlier versions

CVE-2016-4171 – Memory Corruption Vulnerability


APSB16-15 – Security Advisory for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild.

Severity: Critical

Affected Software

  • Adobe Flash Player Desktop Runtime 21.0.0.226 and earlier
  • Adobe Flash Player Extended Support Release 18.0.0.343 and earlier
  • Adobe Flash Player for Google Chrome 21.0.0.216 and earlier
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 21.0.0.241 and earlier
  • Adobe Flash Player for Internet Explorer 11 21.0.0.241 and earlier
  • Adobe Flash Player for Linux 11.2.202.616 and earlier
  • AIR Desktop Runtime 21.0.0.198 and earlier
  • AIR SDK 21.0.0.198 and earlier
  • AIR SDK & Compiler 21.0.0.198 and earlier

CVE-2016-4121 – Use After Free Vulnerability

APSB16-18 – Security Advisory for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Severity: Critical/High

Affected Software

  • Adobe Flash Player Desktop Runtime 21.0.0.242 and earlier
  • Adobe Flash Player Extended Support Release 18.0.0.352 and earlier
  • Adobe Flash Player for Google Chrome 21.0.0.242 and earlier
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 21.0.0.242 and earlier
  • Adobe Flash Player for Linux 11.2.202.621 and earlier

CVE-2016-4133 – Memory Corruption Vulnerability

CVE-2016-4140 – Security Bypass Vulnerability

CVE-2016-4142 – Use After Free Vulnerability

CVE-2016-4143 – Use After Free Vulnerability

CVE-2016-4146 – Use After Free Vulnerability

CVE-2016-4147 – Use After Free Vulnerability

CVE-2016-4149 – Type Confusion Vulnerability

CVE-2016-4151 – Memory Corruption Vulnerability

CVE-2016-4152 – Memory Corruption Vulnerability

CVE-2016-4153 – Memory Corruption Vulnerability

CVE-2016-4154 – Memory Corruption Vulnerability

CVE-2016-4156 – Memory Corruption Vulnerability