Security Advisories from Zscaler

Security Advisory - January 09, 2018

Zscaler protects against 1 new vulnerability for Adobe Flash Player.

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 1 vulnerability included in the January 2018 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections as necessary.

APSB18-01 – Security updates available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Severity: Important
Affected Software

  • Adobe Flash Player Desktop Runtime 28.0.0.126 for Windows, Linux & Macintosh
  • Adobe Flash Player for Google Chrome 28.0.0.126 for Windows, Macintosh, Linux and Chrome OS 
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 28.0.0.126 for Windows 10 and Windows 8.1

CVE-2018-4871 – Flash Player Out-of-bounds Read Vulnerability

This vulnerability occurs because of a computation that reads data past the end of the target buffer; the computation is part of Adobe Texture Format (ATF) decoding of the lossy compressed ETC2 format. The use of an invalid (out-of-range) pointer offset when accessing internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.