Security Advisory - July 14, 2015

Zscaler, working with Microsoft through their MAPPs program, has deployed protections for the following 7 vulnerabilities included in the July 2015 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections as necessary.

APSB15-16 - Security updates available for Adobe Reader and Acrobat

Severity: Critical
Affected Software

• Adobe Flash Player Desktop Runtime 18.0.0.194 and earlier versions for Windows and Macintosh
• Adobe Flash Player Extended Support Release 13.0.0.296 and earlier versions for Windows and Macintosh
• Adobe Flash Player for Google Chrome 18.0.0.194 and earlier versions for Windows, Macintosh and Linux
• Adobe Flash Player 11.2.202.468 and earlier versions for Linux
• AIR Desktop Runtime 18.0.0.144 and earlier versions for Windows and Macintosh
• AIR SDK 18.0.0.144 and earlier versions for Windows, Macintosh, Android and iOS

CVE-2015-5119 - Use-after-free in the ByteArray assignation operator
CVE-2015-3128 - Use after free vulnerability in Flash when a text field that was added to a movie clip is deleted by an implementation of valueOf() or toString() in a custom object.
CVE-2015-3127 - Use after free vulnerability in Flash when a SharedObject is used as part of the Array
CVE-2015-3119 - Type Confusion vulnerability in NetConnection with __proto__
CVE-2015-3118 - Use after free vulnerability when setting TextField.filters
CVE-2014-0578 - Same origin policy bypass that can lead to cross-site information disclosures
CVE-2015-3121 - The data member of the SharedObject has Type Confusion vulnerability

Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.