Les vulnérabilités du VPN vous préoccupent ? Découvrez comment profiter de notre solution de migration VPN qui inclut 60 jours de service gratuit.

Conseils sécurité de Zscaler

Avis de sécurité - juin 09, 2015

Zscaler Protects against Multiple Security Vulnerabilities in Adobe Flash Player

Zscaler, working with Microsoft through their MAPPs program, has deployed protections for the following 9 vulnerabilities included in the June 2015 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections as necessary.

APSB15-11 - Security updates available for Adobe Reader and Acrobat

Severity: Critical
Affected Software

  • Adobe Flash Player 17.0.0.188 and earlier versions for Windows and Macintosh
  • Adobe Flash Player Extended Support Release 13.0.0.289 and earlier 13.x versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.460 and earlier 11.x versions for Linux
  • Adobe AIR Desktop Runtime 17.0.0.172 and earlier versions for Windows and Macintosh
  • Adobe AIR SDK and SDK & Compiler 17.0.0.172 and earlier versions for Windows and Macintosh
  • Adobe AIR for Android 17.0.0.144 and earlier versions

CVE-2015-3096 - Variant of CVE-2014-5333 (Rosetta Flash) using 2-bytes UTF-8 sequence
CVE-2015-3098 - Same-origin-policy/SecurityDomain/AllowScriptAccess violation via loaded flash files
CVE-2015-3100 - Misusing of FPU Instruction Could Cause Security Vulnerabilities
CVE-2015-3102 - Adobe Flash custom pageDomain vulnerability
CVE-2015-3103 - Flash Player Race Condition Vulnerability
CVE-2015-3104 - Integer overflow / memory corruption with excessive number of shader input channels
CVE-2015-3105 - Out-of-bounds write in ShaderParameter resolution
CVE-2015-3106 - AS2 Use After Free in TextField.filters
CVE-2015-3108 - Internet Explorer Memory Corruption Vulnerability

Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.