Adobe Fixed Nearly 50 Vulnerabilities in Acrobat and Reader

May 16, 2018 | Adeline Zhang

Adobe released updates on Monday for 47 vulnerabilities in its Acrobat and Reader products, including critical ones that allow information leakage and arbitrary code execution.

| Category | Impact | Severity | CVE# |
|---|---|---|---|
| Double Free | Arbitrary Code Execution | Critical | CVE-2018-4990 |
| Heap Overflow | Arbitrary Code Execution | Critical | CVE-2018-4947, CVE-2018-4948, CVE-2018-4966, CVE-2018-4968, CVE-2018-4978, CVE-2018-4982, CVE-2018-4984 |
| Use-after-free | Arbitrary Code Execution | Critical | CVE-2018-4946, CVE-2018-4952, CVE-2018-4954, CVE-2018-4958, CVE-2018-4959, CVE-2018-4961, CVE-2018-4971, CVE-2018-4974, CVE-2018-4977, CVE-2018-4980, CVE-2018-4983, CVE-2018-4988, CVE-2018-4989 |
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2018-4950 |
| Security Bypass | Information Disclosure | Important | CVE-2018-4979 |
| Out-of-bounds read | Information Disclosure | Important | CVE-2018-4949, CVE-2018-4951, CVE-2018-4955, CVE-2018-4956, CVE-2018-4957, CVE-2018-4960, CVE-2018-4962, CVE-2018-4963, CVE-2018-4964, CVE-2018-4967, CVE-2018-4969, CVE-2018-4970, CVE-2018-4972, CVE-2018-4973, CVE-2018-4975, CVE-2018-4976, CVE-2018-4981, CVE-2018-4986, CVE-2018-4985 |
| Type Confusion | Arbitrary Code Execution | Critical | CVE-2018-4953 |
| Untrusted pointer dereference | Arbitrary Code Execution | Critical | CVE-2018-4987 |
| Memory Corruption | Information Disclosure | Important | CVE-2018-4965 |
| NTLM SSO hash theft | Information Disclosure | Important | CVE-2018-4993 |
| HTTP POST new line injection via XFA submission | Security Bypass | Important | CVE-2018-4994 |

See https://helpx.adobe.com/security/products/acrobat/apsb18-09.html for details.

Affected Versions

  • Acrobat DC (Consumer) <= 2018.011.20038
  • Acrobat Reader (Consumer) <= 2018.011.20038
  • Acrobat 2017 (Classic 2017) <= 2017.011.30079
  • Acrobat Reader 2017 (Classic 2017) <= 2017.011.30079
  • Acrobat DC (Classic 2015) <= 2015.006.30417
  • Acrobat Reader DC (Classic 2015) <= 2015.006.30417

Unaffected Versions

  • Acrobat DC (Consumer): 2018.011.20040
  • Acrobat Reader (Consumer): 2018.011.20040
  • Acrobat 2017 (Classic 2017): 2017.011.30080
  • Acrobat Reader 2017 (Classic 2017): 2017.011.30080
  • Acrobat DC (Classic 2015): 2015.006.30418
  • Acrobat Reader DC (Classic 2015): 2015.006.30418

Solution

Adobe has released security updates to address these vulnerabilities. Users are advised to update to the latest versions as soon as possible.

Reference: https://helpx.adobe.com/security/products/acrobat/apsb18-09.html