Security Advisory - November 17, 2015

Zscaler, working with Microsoft through their MAPP program, has deployed protections for the following 6 vulnerabilities included in the November 2015 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the November release and deploy additional protections as necessary.

APSB15-28 - Security updates available for Flash Player

Severity: Critical
Affected Software

• Adobe Flash Player Desktop Runtime 19.0.0.226 and earlier
• Adobe Flash Player Extended Support Release 18.0.0.255 and earlier
• Adobe Flash Player for Google Chrome 19.0.0.226 and earlier
• Adobe Flash Player for Microsoft Edge and Internet Explorer 11 19.0.0.226 and earlier
• Adobe Flash Player for Internet Explorer 10 and 11 19.0.0.226 and earlier
• Adobe Flash Player for Linux 11.2.202.540 and earlier
• AIR Desktop Runtime 19.0.0.213 and earlier
• AIR SDK 19.0.0.213 and earlier
• AIR SDK & Compiler 19.0.0.213 and earlier
• AIR for Android 19.0.0.190 and earlier

CVE-2015-8042 - Flash Player Use After Free Vulnerability
CVE-2015-7663 - Flash Player Use After Free Vulnerability
CVE-2015-7660 - Flash Player Use After Free Vulnerability
CVE-2015-7655 - Flash Player Use After Free Vulnerability
CVE-2015-7654 - Flash Player Use After Free Vulnerability
CVE-2015-7652 - Flash Player Use After Free Vulnerability

Description: Critical vulnerabilities have been identified in Adobe Flash Player. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.