Security Advisory - August 08, 2017

Zscaler protects against 31 new vulnerabilities for Adobe Flash Player and Acrobat Reader.

 

 

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 31 vulnerabilities included in the August 2017 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections as necessary.

APSB17-23 – Security updates available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could lead to information disclosure.

Severity: Critical 
Affected Software

  • Adobe Flash Player Desktop Runtime 26.0.0.137 and earlier for Windows, Macintosh and Linux
  • Adobe Flash Player for Google Chrome 26.0.0.137 and earlier for Windows, Macintosh, Linux and Chrome OS
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 26.0.0.137 and earlier for Windows 10 and 8.1

CVE-2017-3106 – Flash Player Type Confusion Vulnerability

APSB17-24 – Security updates available for Adobe Acrobat and Reader

Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address vulnerabilities rated Critical and Important that could potentially allow an attacker to take control of the affected system.

Severity: Critical
Affected Software

  • Acrobat DC (Continuous Track) 2017.009.20058 and earlier versions for Windows and Macintosh
  • Acrobat Reader DC (Continuous Track) 2017.009.20058 and earlier versions for Windows and Macintosh
  • Acrobat 2017 2017.008.30051 and earlier versions for Windows and Macintosh
  • Acrobat Reader 2017 2017.008.30051 and earlier versions for Windows and Macintosh
  • Acrobat DC (Classic Track) 2015.006.30306 and earlier versions for Windows and Macintosh
  • Acrobat Reader DC (Classic Track) 2015.006.30306 and earlier versions for Windows and Macintosh
  • Acrobat XI 11.0.20 and earlier versions for Windows and Macintosh
  • Reader XI 11.0.20 and earlier versions for Windows and Macintosh

CVE-2017-3113 – Acrobat Reader Use After Free Vulnerability
CVE-2017-3116 – Acrobat Reader Information Disclosure Vulnerability
CVE-2017-3118 – Acrobat Reader Security Bypass Vulnerability
CVE-2017-3119 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-3120 – Acrobat Reader Use After Free Vulnerability
CVE-2017-3121 – Acrobat Reader Heap Overflow Vulnerability
CVE-2017-3123 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-3124 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-11209 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-11210 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-11212 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-11218 – Acrobat Reader Use After Free Vulnerability
CVE-2017-11219 – Acrobat Reader Use After Free Vulnerability
CVE-2017-11220 – Acrobat Reader Heap Overflow Vulnerability
CVE-2017-11221 – Acrobat Reader Type Confusion Vulnerability
CVE-2017-11222 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-11223 – Acrobat Reader Use After Free Vulnerability
CVE-2017-11226 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-11229 – Adobe Acrobat Reader Security Bypass Vulnerability
CVE-2017-11230 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-11231 – Acrobat Reader Use After Free Vulnerability
CVE-2017-11241 – Acrobat Reader Heap Overflow Vulnerability
CVE-2017-11252 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-11254 – Acrobat Reader Use After Free Vulnerability
CVE-2017-11256 – Acrobat Reader Use After Free Vulnerability
CVE-2017-11257 – Acrobat Reader Type Confusion Vulnerability
CVE-2017-11259 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-11263 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-11265 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-11269 – Acrobat Reader Memory Corruption Vulnerability