Out-of-band Adobe security update

December 29, 2015

On December 28, 2015, Adobe published security bulletin APSB16-01 and related security patches, which originally were scheduled to be released in January 2016.

The patches fix multiple issues, including an integer overflow vulnerability in Adobe Flash Player (CVE-2015-8651), which has been exploited in the wild.

Dell SonicWALL has released a signature to detect and block exploitation attempts targeting this vulnerability. The signature is listed below:

  • ANTISPY sid:4221 “Malformed-File swf.MP.360”

Adobe’s decision to release the patches earlier is creditable since shortening response time is critical to reduce damages caused by attackers. Good job Adobe!