Security Advisory - July 11, 2017
Zscaler protects against 2 new vulnerabilities for Adobe Flash Player.
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 2 vulnerabilities included in the July 2017 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections as necessary.
APSB17-21 – Security updates available for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
- Adobe Flash Player Desktop Runtime 220.127.116.11 and earlier for Windows, Macintosh and Linux
- Adobe Flash Player for Google Chrome 18.104.22.168 and earlier for Windows, Macintosh, Linux and Chrome OS
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11 22.214.171.124 and earlier for Windows 10 and 8.1
CVE-2017-3080 – Flash Player Security Bypass Vulnerability
This vulnerability is an instance of an information disclosure vulnerability in the Flash API used by Internet Explorer.
CVE-2017-3100 – Flash Player Memory address disclosure Vulnerability
This vulnerability is an instance of a memory corruption vulnerability in the Action Script 2 BitmapData class. The vulnerability triggers access violation exception due to out of bounds read access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes or frees -- potentially leading to code corruption, control-flow hijack, or information leak attack.