Information Security Blog

Multiple Vulnerabilities in Adobe Flash Player and Adobe AIR

CIS ADVISORY NUMBER: 2014-074

Executive Summary

9/9/2014

Multiple vulnerabilities have been discovered in Adobe Flash Player and Adobe AIR. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages. Adobe AIR is a cross-platform runtime used for developing Internet applications that run outside of a browser.


Successful exploitation could result in an attacker compromising data security, potentially allowing access to confidential data, or could compromise processing resources in a user's computer. Failed exploit attempts will likely cause denial-of-service conditions.

Threat Intelligence

There are currently no reports of these vulnerabilities being exploited in the wild.

System Affected

  • Adobe Flash Player 14.0.0.179 and earlier versions
  • Adobe Flash Player 13.0.0.241 and earlier 13.x versions
  • ... more

Multiple Vulnerabilities in Mozilla Products

CIS ADVISORY NUMBER: 2014-062

Executive Summary

07/23/2014
Multiple vulnerabilities have been identified in Mozilla Firefox and Thunderbird which could allow for remote code execution. Mozilla Firefox is a web browser used to access the Internet and Mozilla Thunderbird is an email client. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user, or gaining session authentication credentials. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Threat Intelligence

There are currently no reports of these vulnerabilities being exploited in the wild.

System Affected

  • Mozilla Firefox versions prior to 31
  • Mozilla Firefox Extended Support Release (ESR) versions prior to 24.7
  • Mozilla Thunderbird versions prior to 31

Risk

Multiple Vulnerabilities in Apple iOS

CIS ADVISORY NUMBER: 2014-057

Executive Summary

07/01/2014
Multiple vulnerabilities have been discovered in Apple's mobile operating system, iOS. These vulnerabilities can be exploited by an attacker with physical access to the device, or when the user visits a specially crafted webpage. Successful exploitation could allow an attacker to execute arbitrary code, cause denial-of-service conditions, gain unauthorized access, acquire sensitive information, bypass security restrictions, and perform other unauthorized actions.

Threat Intelligence

Due to the trivial nature of these vulnerabilities, there is no known proof-of-concept code available.

System Affected

  • Apple iOS versions prior to 7.1.2

Risk

Government
  • Large and medium government entities: High
  • Small government entities: High
Businesses
