Zenith Live is coming to Europe in October. Join us! Learn More
Zenith Live is coming to Europe in October. Join us!
Learn More

Zero trust security

Make it possible

Your Mission

 

Security Advisory - October 11, 2016

Zscaler protects against 48 new vulnerabilities for Adobe Flash Player and Adobe Reader.

 

 

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 48 vulnerabilities included in the October 2016 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections as necessary.

APSB16-32 – Security updates available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. 

Severity: Critical 

Affected Software

  • Adobe Flash Player Desktop Runtime 23.0.0.162 and earlier
  • Adobe Flash Player Extended Support Release 18.0.0.375 and earlier
  • Adobe Flash Player for Google Chrome 23.0.0.162 and earlier
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 23.0.0.162 and earlier
  • Adobe Flash Player for Linux 11.2.202.635 and earlier

CVE-2016-4273 – Flash Player Memory Corruption Vulnerability
CVE-2016-6981 – Flash Player Use After Free Vulnerability
CVE-2016-6982 – Flash Player Memory Corruption Vulnerability
CVE-2016-6983 – Flash Player Memory Corruption Vulnerability
CVE-2016-6984 – Flash Player Memory Corruption Vulnerability
CVE-2016-6985 – Flash Player Memory Corruption Vulnerability
CVE-2016-6987 – Flash Player Use After Free Vulnerability

APSB16-33 – Security updates available for Adobe Reader

Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Severity: Critical 

Affected Software

  • Acrobat DC Continuous 15.017.20053 and earlier versions
  • Acrobat Reader DC Continuous 15.017.20053 and earlier versions
  • Acrobat DC Classic 15.006.30201 and earlier versions
  • Acrobat Reader DC Classic 15.006.30201 and earlier versions   
  • Acrobat XI Desktop 11.0.17 and earlier versions
  • Reader XI Desktop 11.0.17 and earlier versions

CVE-2016-1089 – Acrobat Reader Use After Free Vulnerability
CVE-2016-1091 – Acrobat Reader Use After Free Vulnerability
CVE-2016-6939 – Acrobat Reader Heap Overflow Vulnerability
CVE-2016-6940 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6941 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6942 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6943 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6944 – Acrobat Reader Use After Free Vulnerability
CVE-2016-6945 – Acrobat Reader Use After Free Vulnerability
CVE-2016-6946 – Acrobat Reader Use After Free Vulnerability
CVE-2016-6947 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6948 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6950 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6951 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6952 – Acrobat Reader Use After Free Vulnerability
CVE-2016-6953 – Acrobat Reader Use After Free Vulnerability
CVE-2016-6954 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6955 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6957 – Acrobat Reader Security Bypass Vulnerability
CVE-2016-6958 – Acrobat Reader Security Bypass Vulnerability
CVE-2016-6959 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6960 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6961 – Acrobat Reader Use After Free Vulnerability
CVE-2016-6962 – Acrobat Reader Use After Free Vulnerability
CVE-2016-6963 – Acrobat Reader Use After Free Vulnerability
CVE-2016-6964 – Acrobat Reader Use After Free Vulnerability
CVE-2016-6965 – Acrobat Reader Use After Free Vulnerability
CVE-2016-6966 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6967 – Acrobat Reader Use After Free Vulnerability
CVE-2016-6968 – Acrobat Reader Use After Free Vulnerability
CVE-2016-6969 – Acrobat Reader Use After Free Vulnerability
CVE-2016-6970 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6971 – Acrobat Reader Use After Free Vulnerability
CVE-2016-6972 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6973 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6975 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6976 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6977 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6978 – Acrobat Reader Memory Corruption Vulnerability
CVE-2016-6979 – Acrobat Reader Use After Free Vulnerability
CVE-2016-6988 – Acrobat Reader Use After Free Vulnerability

APSB16-36 – Security updates available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. 

Severity: Critical 

Affected Software

  • Adobe Flash Player Desktop Runtime 23.0.0.185 and earlier
  • Adobe Flash Player for Google Chrome 23.0.0.185 and earlier
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 23.0.0.185 and earlier
  • Adobe Flash Player for Linux 11.2.202.637 and earlier

CVE-2016-7855 – Flash Player Use After Free Vulnerability