Zenith Live Europe has begun. If you can't be there, view it here. Live Stream
Zenith Live Europe has begun. If you can't be there, view it here.
Live Stream

Zero trust security

Make it possible

Your Mission

 

Security Advisory - April 11, 2017

Zscaler protects against 36 new vulnerabilities for Adobe Flash Player and Adobe Acrobat Reader.

 

 

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 36 vulnerabilities included in the April 2017 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections as necessary.

APSB17-11 – Security updates available for Acrobat Reader

Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Severity: Critical 
Affected Software

  • Acrobat DC Continuous 15.023.20070 and earlier versions for Windows and Macintosh.
  • Acrobat Reader DC Continuous 15.023.20070 and earlier versions for Windows and Macintosh.
  • Acrobat DC Classic 15.006.30280 and earlier versions for Windows and Macintosh.
  • Acrobat Reader DC Classic 15.006.30280 and earlier versions for Windows and Macintosh.
  • Acrobat XI Desktop 11.0.19 and earlier versions for Windows and Macintosh.
  • Reader XI Desktop 11.0.19 and earlier versions for Windows and Macintosh.

CVE-2017-3014 – Acrobat Reader Use After Free Vulnerability
CVE-2017-3017 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-3019 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-3020 – Acrobat Reader Information Disclosure Vulnerability
CVE-2017-3021 – Acrobat Reader Information Disclosure Vulnerability
CVE-2017-3022 – Acrobat Reader Information Disclosure Vulnerability
CVE-2017-3023 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-3025 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-3026 – Acrobat Reader Use After Free Vulnerability
CVE-2017-3027 – Acrobat Reader Use After Free Vulnerability
CVE-2017-3029 – Acrobat Reader Information Disclosure Vulnerability
CVE-2017-3030 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-3031 – Acrobat Reader Information Disclosure Vulnerability
CVE-2017-3032 – Acrobat Reader Information Disclosure Vulnerability
CVE-2017-3033 – Acrobat Reader Information Disclosure Vulnerability
CVE-2017-3034 – Acrobat Reader Integer Overflow Vulnerability
CVE-2017-3035 – Acrobat Reader Use After Free Vulnerability
CVE-2017-3036 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-3037 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-3038 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-3039 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-3041 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-3044 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-3045 – Acrobat Reader Information Disclosure Vulnerability
CVE-2017-3046 – Acrobat Reader Information Disclosure Vulnerability
CVE-2017-3047 – Acrobat Reader Use After Free Vulnerability
CVE-2017-3048 – Acrobat Reader Heap Overflow Vulnerability
CVE-2017-3049 – Acrobat Reader Heap Overflow Vulnerability
CVE-2017-3055 – Acrobat Reader Heap Overflow Vulnerability
CVE-2017-3056 – Acrobat Reader Memory Corruption Vulnerability
CVE-2017-3057 – Acrobat Reader Use After Free Vulnerability

APSB17-10 – Security updates available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Severity: Critical 

Affected Software

  • Adobe Flash Player Desktop Runtime 25.0.0.127 and earlier for Windows, Macintosh and Linux
  • Adobe Flash Player for Google Chrome 25.0.0.127 and earlier for Windows, Macintosh, Linux and Chrome OS
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 25.0.0.127 and earlier for Windows 10 and 8.1

CVE-2017-3058 – Flash Player Use After Free Vulnerability
CVE-2017-3059 – Flash Player Use After Free Vulnerability
CVE-2017-3061 – Flash Player Memory Corruption Vulnerability
CVE-2017-3062 – Flash Player Use After Free Vulnerability
CVE-2017-3063 – Flash Player Use After Free Vulnerability