Adobe AIR for Mac <= 20.0.0.204 Multiple Vulnerabilities (APSB16-01)

High Nessus Plugin ID 87658

Synopsis

The remote Mac OS X host has a browser plugin installed that is affected by multiple vulnerabilities.

Description

The version of Adobe AIR installed on the remote Mac OS X host is equal or prior to version 20.0.0.204. It is, therefore, affected by multiple vulnerabilities :

- A type confusion error exists that a remote attacker can exploit to execute arbitrary code. (CVE-2015-8644)

- An integer overflow condition exists that a remote attacker can exploit to execute arbitrary code.
(CVE-2015-8651)

- Multiple use-after-free errors exist that a remote attacker can exploit to execute arbitrary code.
(CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2016-0959)

- Multiple memory corruption issues exist that allow a remote attacker to execute arbitrary code.
(CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645)

Solution

Upgrade to Adobe AIR version 20.0.0.233 or later.

See Also

https://helpx.adobe.com/security/products/flash-player/apsb16-01.html

Plugin Details

Severity: High

ID: 87658

File Name: macosx_adobe_air_apsb16-01.nasl

Version: 1.10

Type: local

Agent: macosx

Published: 2015/12/29

Updated: 2018/07/14

Dependencies: 56960

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:air

Required KB Items: MacOSX/Adobe_AIR/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/12/28

Vulnerability Publication Date: 2015/12/28

Reference Information

CVE: CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651, CVE-2016-0959

BID: 79700, 79701, 79704, 79705