Zscaler Security Advisories

Security Advisory - June 12, 2018

Zscaler protects against 4 new vulnerabilities for Adobe Flash Player.

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 4 vulnerabilities included in the June 2018 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections as necessary.

 

APSB18-19 – Security updates available for Adobe Flash Player.

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could lead to arbitrary code execution in the context of the current user.

Severity: Critical

Affected Software

  • Adobe Flash Player Desktop Runtime 29.0.0.171 and earlier for Windows, Macintosh and Linux
  • Adobe Flash Player for Google Chrome 29.0.0.171 and earlier for Windows, Macintosh, Linux and Chrome OS
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 29.0.0.171 and earlier for Windows 10 and 8.1

 

CVE-2018-4945 – Type Confusion vulnerability

This vulnerability is an instance of a type confusion overflow vulnerability in the ActionScript 2 VM when handling the microphone class. The flawed computation constructs an object using one type, but later accesses that object using a type that is incompatible with the original type. If an attacker can effectively control the object of the incompatible type, the computation can result in out-of-bounds memory reads or writes. The out-of-bounds memory access can lead to code corruption, control-flow hijack, or memory layout disclosure.

CVE-2018-5000 – Information Disclosure Vulnerability

This vulnerability is an instance of an integer overflow vulnerability when processing RTMP data. Specifically, the vulnerability is triggered by crafted RTMP data that causes an indexing bug, where an attacker controls indexing into an array and the bounds checking does not account for the size of the data available in the array. The vulnerability is triggered by an integer manipulation error leading to an integer overflow. It can be leveraged for memory address disclosure.
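
The bug class described above, shown as an added C example that is not Adobe's or Zscaler's code: a range check whose 32-bit sum wraps and whose limit is the allocation size, next to a check against the data actually available. The struct, function names and sample buffer are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical receive buffer: `cap` bytes allocated, only `avail` filled. */
struct msg {
    const uint8_t *buf;
    uint32_t cap;
    uint32_t avail;
};

/* Flawed: the sum can wrap in 32 bits, and the limit is the allocation
 * size rather than the amount of data actually present. */
bool range_ok_flawed(const struct msg *m, uint32_t index, uint32_t count)
{
    return index + count <= m->cap;
}

/* Hardened: compare against `avail` and subtract instead of add, so
 * no intermediate value can overflow. */
bool range_ok_checked(const struct msg *m, uint32_t index, uint32_t count)
{
    return index <= m->avail && count <= m->avail - index;
}

/* Copies a field only when the hardened check passes; -1 on rejection. */
int read_field(const struct msg *m, uint32_t index, uint32_t count,
               uint8_t *out, uint32_t out_cap)
{
    if (!range_ok_checked(m, index, count) || count > out_cap)
        return -1;
    memcpy(out, m->buf + index, count);
    return (int)count;
}

/* Constructed sample: 16-byte buffer holding 12 bytes of data. */
static const uint8_t sample[16] = "hello, world";
struct msg sample_msg(void) { struct msg m = { sample, 16, 12 }; return m; }

int main(void)
{
    struct msg m = sample_msg();
    /* The wrapped sum 8 + 0xFFFFFFFC == 4 passes the flawed check only. */
    printf("flawed=%d checked=%d\n", range_ok_flawed(&m, 8, 0xFFFFFFFCu),
           range_ok_checked(&m, 8, 0xFFFFFFFCu));
    return 0;
}
```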

CVE-2018-5001 – Information Disclosure Vulnerability

This vulnerability occurs as a result of a computation that reads data past the end of the target buffer; the computation is part of the bitmap data module. Crafted bitmap object manipulations lead to a flawed computation involving pointer offset arithmetic that does not adequately account for the buffer boundaries. The use of an invalid (out-of-range) pointer offset when accessing internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVE-2018-5002 – Arbitrary Code Execution Vulnerability

The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the flawed bytecode verification procedure. A crafted input triggers the flawed computation, in which specially hand-crafted bytecode is not verified, leading to a memory write operation through a pointer that points to an invalid memory location. The vulnerability is the result of an out-of-range pointer offset that is used to access sub-elements of an internal data structure. An attacker can leverage the vulnerability to corrupt sensitive data or execute arbitrary code. The exploit has been observed in the wild, where the vulnerability was leveraged as part of a multi-stage attack.