Security Advisory - February 16, 2016

Zscaler, working with Microsoft through their MAPP program, has deployed protections for the following 13 vulnerabilities included in the February 2016 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections as necessary.

APSB16-04 – Security updates available for Flash Player

Severity: Critical
Affected Software

• Adobe Flash Player Desktop Runtime 20.0.0.286 and earlier
• Adobe Flash Player Extended Support Release 18.0.0.326 and earlier
• Adobe Flash Player for Google Chrome 20.0.0.286 and earlier
• Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.272 and earlier
• Adobe Flash Player for Internet Explorer 11 20.0.0.272 and earlier
• Adobe Flash Player for Linux 11.2.202.559 and earlier
• AIR Desktop Runtime 20.0.0.233 and earlier
• AIR SDK 20.0.0.233 and earlier
• AIR SDK & Compiler 20.0.0.233 and earlier

CVE-2016-0959 – Flash Player Use-After-Free Vulnerability 

CVE-2016-0968 – Flash Player Memory Corruption Vulnerability

CVE-2016-0969 – Flash Player Memory Corruption Vulnerability

CVE-2016-0974 – Flash Player Use-After-Free Vulnerability

CVE-2016-0976 – Flash Player Memory Corruption Vulnerability

CVE-2016-0977 – Flash Player Memory Corruption Vulnerability

CVE-2016-0978 – Flash Player Memory Corruption Vulnerability

CVE-2016-0979 – Flash Player Memory Corruption Vulnerability

CVE-2016-0981 – Flash Player Memory Corruption Vulnerability

CVE-2016-0982 – Flash Player Use-After-Free Vulnerability

CVE-2016-0983 – Flash Player Use-After-Free Vulnerability

CVE-2016-0984 – Flash Player Use-After-Free Vulnerability

CVE-2016-0985 – Flash Player Type Confusion Vulnerability

Description: Critical vulnerabilities have been identified in Adobe Flash Player. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.