January 2015 - Adobe Releases Updates for Adobe Flash Player

  Advisory Date: JAN 22, 2015

  DESCRIPTION

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions.

  TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

In addition, Trend Micro products protect against an Adobe Flash Player zero-day exploit seen in January 2015. Protection is delivered via rule 1006460 - Adobe Flash Player Buffer Overflow Vulnerability.

Bulletin ID Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection and IDF Compatibility
APSB15-01 CVE-2015-0302 1006452 Adobe Flash Player Information Disclosure Vulnerability (CVE-2015-0302) 22-Jan-15 YES
APSB15-01 CVE-2015-0303 1006453 Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-0303) 22-Jan-15 YES
APSB15-01 CVE-2015-0304 1006454 Adobe Flash Player Heap Based Buffer Overflow Vulnerability (CVE-2015-0304) 22-Jan-15 YES
APSB15-01 CVE-2015-0305 1006457 Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-0305) 22-Jan-15 YES
APSB15-01 CVE-2015-0307 1006456 Adobe Flash Player Out Of Bounds Read Memory Corruption Vulnerability (CVE-2015-0307) 22-Jan-15 YES
APSB15-01 CVE-2015-0308 1006458 Adobe Flash Player Use After Free Remote Code Execution Vulnerability (CVE-2015-0308) 22-Jan-15 YES
APSB15-01 CVE-2015-0309 1006455 Adobe Flash Player Heap Based Buffer Overflow Vulnerability (CVE-2015-0309) 22-Jan-15 YES
APSB15-03 CVE-2015-0311 1006460 Adobe Flash Player Buffer Overflow Vulnerability 22-Jan-15 YES

  SOLUTION

  AFFECTED SOFTWARE AND VERSION

  • Adobe Flash Player 16.0.0.235 and earlier versions
  • Adobe Flash Player 13.0.0.259 and earlier 13.x versions
  • Adobe Flash Player 11.2.202.425 and earlier versions for Linux
  • Adobe AIR desktop runtime 15.0.0.356 and earlier versions
  • Adobe AIR SDK 15.0.0.356 and earlier versions
  • Adobe AIR SDK and Compiler 15.0.0.356 and earlier versions
  • Adobe AIR for Android 15.0.0.356 and earlier versions