Security Advisory - August 27, 2015

Zscaler Protects against Multiple Security Vulnerabilities in Adobe Flash Player and Adobe Reader

 

 

Zscaler, working with Microsoft through their MAPP program, has deployed protections for the following 45 vulnerabilities included in the August 2015 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections as necessary.

APSB15-16 - Security updates available for Adobe Flash Player

Severity: Critical
Affected Software

  • Adobe Flash Player Desktop Runtime 18.0.0.194 and earlier
  • Adobe Flash Player Extended Support Release 13.0.0.296 and earlier
  • Adobe Flash Player for Google Chrome 18.0.0.194 and earlier
  • Adobe Flash Player for Internet Explorer 10 and 11 18.0.0.194 and earlier
  • Adobe Flash Player 11.2.202.468 and earlier
  • AIR Desktop Runtime 18.0.0.144 and earlier
  • AIR SDK 18.0.0.144 and earlier
  • AIR SDK & Compiler 18.0.0.144 and earlier

CVE-2015-3124 - Flash Player Use After Free Vulnerability
CVE-2015-3134 - Flash Player Buffer Overflow Vulnerability
CVE-2015-3137 - Flash Player Use After Free Vulnerability
CVE-2015-5118 - Flash Player Use After Free Vulnerability
CVE-2015-5545 - Flash Player Memory Corruption Vulnerability

APSB15-19 - Security updates available for Adobe Flash Player

Severity: Critical
Affected Software

  • Adobe Flash Player Desktop Runtime 18.0.0.209 and earlier
  • Adobe Flash Player Extended Support Release 13.0.0.309 and earlier
  • Adobe Flash Player for Google Chrome 18.0.0.209 and earlier
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 18.0.0.209 and earlier
  • Adobe Flash Player for Internet Explorer 10 and 11 18.0.0.209 and earlier
  • Adobe Flash Player for Linux 11.2.202.491 and earlier
  • AIR Desktop Runtime 18.0.0.180 and earlier
  • AIR SDK 18.0.0.180 and earlier
  • AIR SDK & Compiler 18.0.0.180 and earlier

CVE-2015-3107 – Flash Player Use After Free Vulnerability
CVE-2015-5124 – Flash Player Use After Free Vulnerability
CVE-2015-5126 – Flash Player Memory Corruption Vulnerability
CVE-2015-5130 – Flash Player Use After Free Vulnerability
CVE-2015-5131 – Flash Player Buffer Overflow / Underflow Vulnerability
CVE-2015-5133 – Flash Player Buffer Overflow / Underflow Vulnerability
CVE-2015-5134 – Flash Player Use After Free Vulnerability
CVE-2015-5539 – Flash Player Use After Free Vulnerability
CVE-2015-5541 – Flash Player Heap Overflow Vulnerability
CVE-2015-5544 – Flash Player Memory Corruption Vulnerability
CVE-2015-5545 – Flash Player Memory Corruption Vulnerability
CVE-2015-5547 – Flash Player Memory Corruption Vulnerability
CVE-2015-5548 – Flash Player Memory Corruption Vulnerability
CVE-2015-5549 – Flash Player Memory Corruption Vulnerability
CVE-2015-5550 – Flash Player Use After Free Vulnerability
CVE-2015-5551 – Flash Player Use After Free Vulnerability
CVE-2015-5556 – Flash Player Use After Free Vulnerability
CVE-2015-5557 – Flash Player Use After Free Vulnerability
CVE-2015-5558 – Flash Player Use After Free Vulnerability
CVE-2015-5559 – Flash Player Memory Corruption Vulnerability
CVE-2015-5560 – Flash Player Integer Overflow Vulnerability
CVE-2015-5562 – Flash Player Type Confusion Vulnerability
CVE-2015-5563 – Flash Player Use After Free Vulnerability
CVE-2015-5564 – Flash Player Use After Free Vulnerability
CVE-2015-5565 – Flash Player Use After Free Vulnerability
CVE-2015-5566 – Flash Player Use After Free Vulnerability

Description: Critical vulnerabilities have been identified in Adobe Flash Player. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

APSB15-15Security Updates Available for Adobe Acrobat and Reader

Severity: Critical
Affected Software

  • Acrobat DC 2015.007.20033
  • Acrobat Reader DC 2015.007.20033
  • Acrobat XI 11.0.11 and earlier versions
  • Acrobat X 10.1.14 and earlier versions
  • Reader XI 11.0.11 and earlier versions
  • Reader X 10.1.14 and earlier versions

CVE-2015-4435 – Reader Security Bypass Vulnerability
CVE-2015-4438 – Reader Security Bypass Vulnerability
CVE-2015-4441 – Reader Security Bypass Vulnerability
CVE-2015-4443 – Reader Null Pointer Vulnerability
CVE-2015-4445 – Reader Security Bypass Vulnerability
CVE-2015-4446 – Reader Security Bypass Vulnerability
CVE-2015-4449 – Reader Security Bypass Vulnerability
CVE-2015-4451 – Reader Security Bypass Vulnerability
CVE-2015-4452 – Reader Security Bypass Vulnerability
CVE-2015-5089 – Reader Information Disclosure Vulnerability
CVE-2015-5090 – Reader Security Bypass Vulnerability
CVE-2015-5106 – Reader Integer Overflow Vulnerability
CVE-2015-5107 – Reader Information Disclosure Vulnerability
CVE-2015-5109 – Reader Integer Overflow Vulnerability

Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.