Security Advisory - July 14, 2015
Zscaler Protects against Multiple Security Vulnerabilities in Adobe Flash Player
Zscaler, working with Microsoft through their MAPPs program, has deployed protections for the following 7 vulnerabilities included in the July 2015 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections as necessary.
APSB15-16 - Security updates available for Adobe Reader and Acrobat
- Adobe Flash Player Desktop Runtime 126.96.36.199 and earlier versions for Windows and Macintosh
- Adobe Flash Player Extended Support Release 188.8.131.526 and earlier versions for Windows and Macintosh
- Adobe Flash Player for Google Chrome 184.108.40.206 and earlier versions for Windows, Macintosh and Linux
- Adobe Flash Player 220.127.116.118 and earlier versions for Linux
- AIR Desktop Runtime 18.104.22.168 and earlier versions for Windows and Macintosh
- AIR SDK 22.214.171.124 and earlier versions for Windows, Macintosh, Android and iOS
CVE-2015-5119 - Use-after-free in the ByteArray assignation operator
CVE-2015-3128 - Use after free vulnerability in Flash when a text field that was added to a movie clip is deleted by an implementation of valueOf() or toString() in a custom object.
CVE-2015-3127 - Use after free vulnerability in Flash when a SharedObject is used as part of the Array
CVE-2015-3119 - Type Confusion vulnerability in NetConnection with __proto__
CVE-2015-3118 - Use after free vulnerability when setting TextField.filters
CVE-2014-0578 - Same origin policy bypass that can lead to cross-site information disclosures
CVE-2015-3121 - The data member of the SharedObject has Type Confusion vulnerability
Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.