09-19-2018 , 11:28 PM
https://www.bleepingcomputer.com/news/se...d-acrobat/ Critical Security Update Released for Adobe Reader and Acrobat
By Lawrence Abrams
September 19, 2018 02:42 PM
Last week Adobe released fixed 6 critical updates in their September 2018 monthly Patch Tuesday. It looks like they missed one, as Adobe released today an out-of-band security update for a critical vulnerability in Adobe Acrobat and Adobe Reader.
The APSB18-34 security bulletin details how these updates resolve an Out-of-bounds write vulnerability that could lead to code execution, while the other six are out-of-bounds read vulnerabilities that could lead to information disclosure.
Vulnerability Category Vulnerability Impact Severity CVE Number
Out-of-bounds write Arbitrary Code Execution Critical CVE-2018-12848
Out-of-bounds read Information Disclosure Important
CVE-2018-12849
CVE-2018-12850
CVE-2018-12801
CVE-2018-12840
CVE-2018-12778
CVE-2018-12775
The code execution vulnerability (CVE-2018-12848) was reported to Adobe by Check Point Software. The information disclosure vulnerabilities were disclosed by Check Point Software, Cybellum Technologies LTD, and via via Trend Micro's Zero Day Initiative.
To fix these vulnerabilities, users should upgrade to Acrobat DC and Acrobat Reader DC to version 2018.011.20063, Acrobat 2017 and DC 2017 to version 2017.011.30102, and Acrobat DC Classic 2015 and Acrobat Reader DC Classic to version 2015 2015.006.30452. Links to the updates can be found here.
By Lawrence Abrams
September 19, 2018 02:42 PM
Last week Adobe released fixed 6 critical updates in their September 2018 monthly Patch Tuesday. It looks like they missed one, as Adobe released today an out-of-band security update for a critical vulnerability in Adobe Acrobat and Adobe Reader.
The APSB18-34 security bulletin details how these updates resolve an Out-of-bounds write vulnerability that could lead to code execution, while the other six are out-of-bounds read vulnerabilities that could lead to information disclosure.
Vulnerability Category Vulnerability Impact Severity CVE Number
Out-of-bounds write Arbitrary Code Execution Critical CVE-2018-12848
Out-of-bounds read Information Disclosure Important
CVE-2018-12849
CVE-2018-12850
CVE-2018-12801
CVE-2018-12840
CVE-2018-12778
CVE-2018-12775
The code execution vulnerability (CVE-2018-12848) was reported to Adobe by Check Point Software. The information disclosure vulnerabilities were disclosed by Check Point Software, Cybellum Technologies LTD, and via via Trend Micro's Zero Day Initiative.
To fix these vulnerabilities, users should upgrade to Acrobat DC and Acrobat Reader DC to version 2018.011.20063, Acrobat 2017 and DC 2017 to version 2017.011.30102, and Acrobat DC Classic 2015 and Acrobat Reader DC Classic to version 2015 2015.006.30452. Links to the updates can be found here.