Zscaler Security Advisories

Security Advisory - October 27, 2015

Zscaler Protects against Multiple Security Vulnerabilities in Adobe Flash Player

  1. Overview
  2. APSB15-25 - Security updates available for Adobe Flash Player
  3. APSB15-27 - Security updates available for Adobe Flash Player

Zscaler, working with Microsoft through their MAPP program, has deployed protections for the following 5 vulnerabilities included in the October 2015 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections as necessary.

APSB15-25 - Security updates available for Adobe Flash Player

Severity: Critical
Affected Software

  • Adobe Flash Player Desktop Runtime 19.0.0.185 and earlier
  • Adobe Flash Player Extended Support Release 18.0.0.241 and earlier
  • Adobe Flash Player for Google Chrome 19.0.0.185 and earlier
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 19.0.0.185 and earlier
  • Adobe Flash Player for Internet Explorer 10 and 11 19.0.0.185 and earlier
  • Adobe Flash Player for Linux 11.2.202.521 and earlier
  • AIR Desktop Runtime 19.0.0.190 and earlier
  • AIR SDK 19.0.0.190 and earlier
  • AIR SDK & Compiler 19.0.0.190 and earlier

CVE-2015-7627 - Flash Player Memory Corruption Vulnerability
CVE-2015-7631 - Flash Player Use After Free Vulnerability
CVE-2015-7632 - Flash Player Buffer Overflow Vulnerability
CVE-2015-7633 - Flash Player Memory Corruption Vulnerability

Description: Critical vulnerabilities have been identified in Adobe Flash Player. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

APSB15-27 - Security updates available for Adobe Flash Player

Severity: Critical
Affected Software

  • Adobe Flash Player Desktop Runtime 19.0.0.226 and earlier
  • Adobe Flash Player Extended Support Release 18.0.0.255 and earlier
  • Adobe Flash Player for Google Chrome 19.0.0.226 and earlier
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 19.0.0.225 and earlier
  • Adobe Flash Player for Internet Explorer 10 and 11 19.0.0.226 and earlier
  • Adobe Flash Player for Linux 11.2.202.540 and earlier

CVE-2015-3107 – Flash Player Type Confusion Vulnerability

Description: Critical vulnerabilities have been identified in Adobe Flash Player. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

CVE-2015-7645 – Security Updates Available for Adobe Acrobat and Reader

Description: Critical vulnerabilities have been identified in Adobe Flash Player. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.