Flash Player For Mac <= 16.0.0.296 Unspecified Code Execution (APSA15-02 / APSB15-04)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host has a browser plugin that is affected by
multiple code execution vulnerabilities.

Description :

According to its version, the Adobe Flash Player installed on the
remote Mac OS X host is equal or prior to 16.0.0.296. It is,
therefore, affected by the following vulnerabilities :

- Several use-after-free errors exist that allow arbitrary
code execution. (CVE-2015-0313, CVE-2015-0315,
CVE-2015-0320, CVE-2015-0322)

- Several memory corruption errors exist that allow
arbitrary code execution. (CVE-2015-0314,
CVE-2015-0316, CVE-2015-0318, CVE-2015-0321,
CVE-2015-0329, CVE-2015-0330)

- Several type confusion errors exist that allow
arbitrary code execution. (CVE-2015-0317, CVE-2015-0319)

- Several heap-based buffer-overflow errors exist that
allow arbitrary code execution. (CVE-2015-0323,
CVE-2015-0327)

- A buffer overflow error exists that allows arbitrary
code execution. (CVE-2015-0324)

- Several null pointer dereference errors exist that have
unspecified impacts. (CVE-2015-0325, CVE-2015-0326,
CVE-2015-0328).

- A user-after-free error exists within the processing of
invalid m3u8 playlists. A remote attacker, with a
specially crafted m3u8 playlist file, can force a
dangling pointer to be reused after it has been freed,
allowing the execution of arbitrary code.
(CVE-2015-0331)

See also :

https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
http://www.zerodayinitiative.com/advisories/ZDI-15-047/

Solution :

Upgrade to Adobe Flash Player version 16.0.0.305 or later.

Alternatively, Adobe has made version 13.0.0.269 available for those
installations that cannot be upgraded to 16.x.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now