Out-of-band Adobe security update (Dec 29, 2015)
On December 28, 2015, Adobe published security bulletin APSB16-01 and related security patches, which originally were scheduled to be released in January 2016.
The patches fix multiple issues, including an integer overflow vulnerability in Adobe Flash Player (CVE-2015-8651), which has been exploited in the wild.
Dell SonicWALL has released a signature to detect and block exploitation attempts targeting this vulnerability. The signature is listed below:
- ANTISPY sid:4221 “Malformed-File swf.MP.360”
Adobe’s decision to release the patches earlier is creditable since shortening response time is critical to reduce damages caused by attackers. Good job Adobe!