January 2015 - Adobe Releases Updates for Adobe Flash Player
DESCRIPTION
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
In addition, Trend Micro products protect against an Adobe Flash Player zero-day exploit seen in January 2015. Protection is delivered via rule 1006460 - Adobe Flash Player Buffer Overflow Vulnerability.
| Bulletin ID | Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection and IDF Compatibility |
| APSB15-01 | CVE-2015-0302 | 1006452 | Adobe Flash Player Information Disclosure Vulnerability (CVE-2015-0302) | 22-Jan-15 | YES |
| APSB15-01 | CVE-2015-0303 | 1006453 | Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-0303) | 22-Jan-15 | YES |
| APSB15-01 | CVE-2015-0304 | 1006454 | Adobe Flash Player Heap Based Buffer Overflow Vulnerability (CVE-2015-0304) | 22-Jan-15 | YES |
| APSB15-01 | CVE-2015-0305 | 1006457 | Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-0305) | 22-Jan-15 | YES |
| APSB15-01 | CVE-2015-0307 | 1006456 | Adobe Flash Player Out Of Bounds Read Memory Corruption Vulnerability (CVE-2015-0307) | 22-Jan-15 | YES |
| APSB15-01 | CVE-2015-0308 | 1006458 | Adobe Flash Player Use After Free Remote Code Execution Vulnerability (CVE-2015-0308) | 22-Jan-15 | YES |
| APSB15-01 | CVE-2015-0309 | 1006455 | Adobe Flash Player Heap Based Buffer Overflow Vulnerability (CVE-2015-0309) | 22-Jan-15 | YES |
| APSB15-03 | CVE-2015-0311 | 1006460 | Adobe Flash Player Buffer Overflow Vulnerability | 22-Jan-15 | YES |
SOLUTION
AFFECTED SOFTWARE AND VERSION
- Adobe Flash Player 16.0.0.235 and earlier versions
- Adobe Flash Player 13.0.0.259 and earlier 13.x versions
- Adobe Flash Player 11.2.202.425 and earlier versions for Linux
- Adobe AIR desktop runtime 15.0.0.356 and earlier versions
- Adobe AIR SDK 15.0.0.356 and earlier versions
- Adobe AIR SDK and Compiler 15.0.0.356 and earlier versions
- Adobe AIR for Android 15.0.0.356 and earlier versions
Featured Stories
The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more