Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.1848
Adobe Security Bulletin Security Advisory for Adobe Flash Player
14 July 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Adobe Flash Player
Publisher: Adobe
Operating System: Windows
OS X
Linux variants
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2015-5123 CVE-2015-5122
Original Bulletin:
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
Comment: Adobe is aware of reports that exploits targeting these
vulnerabilities have been published publicly. Adobe has stated that
it expects to make updates available during the week of July 12,
2015.
- --------------------------BEGIN INCLUDED TEXT--------------------
Adobe Security Bulletin Security Advisory for Adobe Flash Player
Release date: July 10, 2015
Last Updated: July 12, 2015
Vulnerability identifier: APSA15-04
CVE number: CVE-2015-5122, CVE-2015-5123
Platform: Windows, Macintosh and Linux
Summary
Critical vulnerabilities (CVE-2015-5122, CVE-2015-5123) have been identified
in Adobe Flash Player 18.0.0.204 and earlier versions for Windows, Macintosh
and Linux. Successful exploitation could cause a crash and potentially allow
an attacker to take control of the affected system.
Adobe is aware of reports that exploits targeting these vulnerabilities have
been published publicly. Adobe expects to make updates available during the
week of July 12, 2015.
Affected software versions
Adobe Flash Player 18.0.0.203 and earlier versions for Windows and
Macintosh
Adobe Flash Player 18.0.0.204 and earlier versions for Linux installed
with Google Chrome
Adobe Flash Player Extended Support Release version 13.0.0.302 and earlier
13.x versions for Windows and Macintosh
Adobe Flash Player Extended Support Release version 11.2.202.481 and
earlier 11.x versions for Linux
To verify the version of Adobe Flash Player installed on your system, access
the About Flash Player page, or right-click on content running in Flash Player
and select "About Adobe (or Macromedia) Flash Player" from the menu. If you
use multiple browsers, perform the check for each browser you have installed
on your system.
Severity ratings
Adobe categorizes these issues as critical vulnerabilities
Acknowledgments
Adobe would like to thank Dhanesh Kizhakkinan of FireEye for reporting
CVE-2015-5122 and Peter Pi of TrendMicro and slipstream/RoL (@TheWack0lian)
for reporting CVE-2015-5123 and for working with Adobe to help protect our
customers.
Revisions
July 11, 2015: added information on CVE-2015-5123
July 12, 2015: added acknowledgement on CVE-2015-5123
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVaRbxH6ZAP0PgtI9AQKTZA//S6hD0vDkyyXe0Zx2+PZVhdpv5OR4g4cf
eA8c8VXSzsFB0yJdjRD8Gy+xDfB32FzJwRGuiRM6CHkNZV+7OKPWZOp7h4Cq9P00
Bn0mLb66FwK1cmC3aLrowFW1fHINXXXejJgXqhtXpVvWxEpJBSE0xuIDIVmUIA9M
iXT7yT41+mwvvyKdPxI+rlixnQ/TUaiWj1hYZuZeMIbopC5AjKI2rpbJOiIE7jNJ
DWXKdKa/kxmDgtE+oKocaZk2pQ84h8+VXiBRmWZkc8OQE765qrqq53sBJa+kYywi
RVmVSLJehqP3Fmxs0jeDgXiEwQZ+rcgXGY6SFDRFTIp+7sQotO/awe3HMEE4d4yb
PP6zB9lm/fKD4ihla3+ZB0nqNHCP5fKB5fKKBz1/duK9IXLyffqO6ytm5dTU5WGT
DTuUlhW1ILcQ8tLfvk2md70wLZpKIPCcUWJGcf1M2AlJzR25Cltp1WDyxSKxmBcC
Fp3jlY84wxbWczz+2ha7ww+I4wnk7tJT3OKkGnN6EWXQgRtDrAEp/oIzi2YDQPpo
FneiDs1tsUJgk0e4M/FWDo7URY8sCMt4rI9Af1Fq/IjE8U9XQbkM/zYUS65GJpW5
x2s4WJIFzxRBQRy519O+g3SxBhMCIz5lIusBoMbPwU1aCcNwU1ccBmCHG5+Je0ZY
QYT81UZNEKA=
=Cx9n
-----END PGP SIGNATURE-----