Zero trust security

Make it possible

Your Mission

 

Security Advisory - July 21, 2015

Zscaler Protects against Multiple Security Vulnerabilities in Adobe Flash Player and Adobe Reader

 

 

Zscaler, working with Microsoft through their MAPP program, has deployed protections for the following 26 vulnerabilities included in the July 2015 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections as necessary.

APSA15-04 - Security updates available for Adobe Flash Player

Severity: Critical
Affected Software

  • Adobe Flash Player 18.0.0.203 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 18.0.0.204 and earlier versions for Linux installed with Google Chrome
  • Adobe Flash Player Extended Support Release version 13.0.0.302 and earlier 13.x versions for Windows and Macintosh
  • Adobe Flash Player Extended Support Release version 11.2.202.481 and earlier 11.x versions for Linux

CVE-2015-5122 - ActionScript 3 opaqueBackground property vulnerability
CVE-2015-5123 - ActionScript 3 BitmapData object vulnerability

Description: Critical vulnerabilities have been identified in Adobe Flash Player. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

APSB15-15Security updates available for Adobe Reader and Acrobat

Severity: Important
Affected Software

  • Acrobat XI 11.0.11 and earlier versions
  • Acrobat X 10.1.14 and earlier versions
  • Reader XI 11.0.11 and earlier versions
  • Reader X 10.1.14 and earlier versions

CVE-2014-8450 - Security Bypass vulnerabilities that could lead to information disclosure
CVE-2015-4447 - Security Bypass restrictions on JavaScript API execution
CVE-2015-5086 - Security Bypass restrictions on JavaScript API execution
CVE-2015-5087 - Security Bypass vulnerabilities that could lead to code execution
CVE-2015-5093 - Buffer Overflow / Underflow vulnerability that could lead to code execution
CVE-2015-5094 - Memory Corruption vulnerabilities that could lead to code execution
CVE-2015-5095 - Use After Free vulnerabilities that could lead to code execution
CVE-2015-5097 - Integer Overflow vulnerabilities that could lead to code execution
CVE-2015-5098 - Memory Corruption vulnerabilities that could lead to code execution
CVE-2015-5099 - Use After Free vulnerabilities that could lead to code execution
CVE-2015-5100 - Memory Corruption vulnerabilities that could lead to code execution
CVE-2015-5101 - Memory Corruption vulnerabilities that could lead to code execution
CVE-2015-5102 - Memory Corruption vulnerabilities that could lead to code execution
CVE-2015-5103 - Memory Corruption vulnerabilities that could lead to code execution
CVE-2015-5104 - Memory Corruption vulnerabilities that could lead to code execution
CVE-2015-5111 - Use After Free vulnerabilities that could lead to code execution
CVE-2015-5113 - Use After Free vulnerabilities that could lead to code execution

Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

APSB15-16Security updates available for Adobe Flash Player

everity: Critical
Affected Software

  • Adobe Flash Player Desktop Runtime 18.0.0.194 and earlier versions for Windows and Macintosh
  • Adobe Flash Player Extended Support Release 13.0.0.296 and earlier versions for Windows and Macintosh
  • Adobe Flash Player for Google Chrome 18.0.0.194 and earlier versions for Windows, Macintosh and Linux
  • Adobe Flash Player 11.2.202.468 and earlier versions for Linux
  • AIR Desktop Runtime 18.0.0.144 and earlier versions for Windows and Macintosh
  • AIR SDK 18.0.0.144 and earlier versions for Windows, Macintosh, Android and iOS

CVE-2014-0578 - Same origin policy bypass that can lead to cross-site information disclosures
CVE-2015-3118 - Use after free vulnerability when setting TextField.filters
CVE-2015-3119 - Type Confusion vulnerability in NetConnection with __proto__
CVE-2015-3121 - The data member of the SharedObject has Type Confusion vulnerability
CVE-2015-3127 - Use after free vulnerability in Flash when a SharedObject is used as part of the Array
CVE-2015-3128 - Use after free vulnerability in Flash when a text field that was added to a movie clip is deleted by an implementation of valueOf() or toString() in a custom object.
CVE-2015-5119 - Use-after-free in the ByteArray assignation operator

Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.