Avvisi di Sicurezza Zscaler

Consulenza sulla sicurezza - maggio 13, 2016

Zscaler Protects against Multiple Security Vulnerabilities in Adobe Flash Player and Acrobat Reader

  1. Overview

Zscaler, working with Microsoft through their MAPP program, has deployed protections for the following 53 vulnerabilities included in the May 2016 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the May release and deploy additional protections as necessary.

APSB16-14Security Updates Available for Adobe Acrobat and Reader

Severity: Critical

Affected Software

  • Acrobat DC Continuous 15.010.20060 and earlier versions
  • Acrobat Reader Continuous DC 15.010.20060 and earlier versions
  • Acrobat DC Classic 15.006.30121 and earlier versions
  • Acrobat Reader DC Classic 15.006.30121 and earlier versions    
  • Acrobat XI Desktop 11.0.15 and earlier versions
  • Reader XI Desktop 11.0.15 and earlier versions

CVE-2016-1037 – Acrobat Reader Memory Corruption Vulnerability

CVE-2016-1038 – Acrobat Reader Security Bypass Vulnerability

CVE-2016-1039 – Acrobat Reader Security Bypass Vulnerability

CVE-2016-1040 – Acrobat Reader Security Bypass Vulnerability

CVE-2016-1041 – Acrobat Reader Security Bypass Vulnerability

CVE-2016-1042 – Acrobat Reader Security Bypass Vulnerability

CVE-2016-1043 – Acrobat Reader Integer Overflow Vulnerability

CVE-2016-1044 – Acrobat Reader Security Bypass Vulnerability

CVE-2016-1045 – Acrobat Reader Use After Free Vulnerability

CVE-2016-1048 – Acrobat Reader Use After Free Vulnerability

CVE-2016-1049 – Acrobat Reader Use After Free Vulnerability

CVE-2016-1050 – Acrobat Reader Use After Free Vulnerability

CVE-2016-1051 – Acrobat Reader Use After Free Vulnerability

CVE-2016-1052 – Acrobat Reader Use After Free Vulnerability

CVE-2016-1053 – Acrobat Reader Use After Free Vulnerability

CVE-2016-1054 – Acrobat Reader Use After Free Vulnerability

CVE-2016-1055 – Acrobat Reader Use After Free Vulnerability

CVE-2016-1056 – Acrobat Reader Use After Free Vulnerability

CVE-2016-1057 – Acrobat Reader Use After Free Vulnerability

CVE-2016-1061 – Acrobat Reader Use After Free Vulnerability

CVE-2016-1062 – Acrobat Reader Security Bypass Vulnerability

CVE-2016-1064 – Acrobat Reader Memory Corruption Vulnerability

CVE-2016-1065 – Acrobat Reader Use After Free Vulnerability

CVE-2016-1067 – Acrobat Reader Use After Free Vulnerability

CVE-2016-1068 – Acrobat Reader Use After Free Vulnerability

CVE-2016-1069 – Acrobat Reader Use After Free Vulnerability

CVE-2016-1071 – Acrobat Reader Memory Corruption Vulnerability

CVE-2016-1072 – Acrobat Reader Memory Corruption Vulnerability

CVE-2016-1073 – Acrobat Reader Memory Corruption Vulnerability

CVE-2016-1074 – Acrobat Reader Memory Corruption Vulnerability

CVE-2016-1075 – Acrobat Reader Memory Corruption Vulnerability

CVE-2016-1077 – Acrobat Reader Memory Corruption Vulnerability

CVE-2016-1079 – Acrobat Reader Information Disclosure Vulnerability

CVE-2016-1081 – Acrobat Reader Memory Corruption Vulnerability

CVE-2016-1082 – Acrobat Reader Memory Corruption Vulnerability

CVE-2016-1083 – Acrobat Reader Memory Corruption Vulnerability

CVE-2016-1084 – Acrobat Reader Memory Corruption Vulnerability

CVE-2016-1086 – Acrobat Reader Memory Corruption Vulnerability

CVE-2016-1088 – Acrobat Reader Memory Corruption Vulnerability

CVE-2016-1092 – Acrobat Reader Information Disclosure Vulnerability

CVE-2016-1116 – Acrobat Reader Memory Corruption Vulnerability

 

Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

APSB16-15Security updates available for Flash Player

Severity: Critical

Affected Software

  • Adobe Flash Player Desktop Runtime 21.0.0.226 and earlier
  • Adobe Flash Player Extended Support Release 18.0.0.343 and earlier
  • Adobe Flash Player for Google Chrome 21.0.0.216 and earlier
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 21.0.0.213 and earlier
  • Adobe Flash Player for Internet Explorer 11 21.0.0.213 and earlier
  • Adobe Flash Player for Linux 11.2.202.616 and earlier
  • AIR Desktop Runtime 21.0.0.198 and earlier
  • AIR SDK 21.0.0.198 and earlier
  • AIR SDK & Compiler 21.0.0.198 and earlier

CVE-2016-1097 – Flash Player Use After Free Vulnerability

CVE-2016-1098 – Flash Player Memory Corruption Vulnerability

CVE-2016-1100 – Flash Player Memory Corruption Vulnerability

CVE-2016-1101 – Flash Player Heap Overflow Vulnerability

CVE-2016-1106 – Flash Player Use After Free Vulnerability

CVE-2016-1107 – Flash Player Use After Free Vulnerability

CVE-2016-1108 – Flash Player Use After Free Vulnerability

CVE-2016-1109 – Flash Player Use After Free Vulnerability

CVE-2016-1110 – Flash Player Use After Free Vulnerability

CVE-2016-4108 – Flash Player Use After Free Vulnerability

CVE-2016-4116 – Flash Player Security Bypass Vulnerability

CVE-2016-4117 – Flash Player Type Confusion Vulnerability

Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.