Zscaler, working with Microsoft through their MAPP program, has deployed protections for the following 3 vulnerabilities included in the April 2016 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections as necessary.
APSB16-10 – Security updates available for Flash Player
- Adobe Flash Player Desktop Runtime 22.214.171.124 and earlier
- Adobe Flash Player Extended Support Release 126.96.36.1993 and earlier
- Adobe Flash Player for Google Chrome 188.8.131.52 and earlier
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11 184.108.40.206 and earlier
- Adobe Flash Player for Internet Explorer 11 220.127.116.11 and earlier
- Adobe Flash Player for Linux 18.104.22.1687 and earlier
- AIR Desktop Runtime 22.214.171.124 and earlier
- AIR SDK 126.96.36.199 and earlier
- AIR SDK & Compiler 188.8.131.52 and earlier
CVE-2016-1017 – Flash Player Use-After-Free Vulnerability
CVE-2016-1018 – Flash Player Buffer Overflow / Underflow Vulnerability
CVE-2016-1019 – Flash Player Type Confusion Vulnerability
Description: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.