Adobe Fixed Nearly 50 Vulnerabilities in Acrobat and Reader


Adobe released updates on Monday for 47 vulnerabilities in Acrobat and Reader, including critical ones that allow information leakage and arbitrary code execution.

| Category | Impact | Severity | CVE# |
|---|---|---|---|
| Double Free | Arbitrary Code Execution | Critical | CVE-2018-4990 |
| Heap Overflow | Arbitrary Code Execution | Critical | CVE-2018-4947, CVE-2018-4948, CVE-2018-4966, CVE-2018-4968, CVE-2018-4978, CVE-2018-4982, CVE-2018-4984 |
| Use-after-free | Arbitrary Code Execution | Critical | CVE-2018-4946, CVE-2018-4952, CVE-2018-4954, CVE-2018-4958, CVE-2018-4959, CVE-2018-4961, CVE-2018-4971, CVE-2018-4974, CVE-2018-4977, CVE-2018-4980, CVE-2018-4983, CVE-2018-4988, CVE-2018-4989 |
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2018-4950 |
| Security Bypass | Information Disclosure | Important | CVE-2018-4979 |
| Out-of-bounds read | Information Disclosure | Important | CVE-2018-4949, CVE-2018-4951, CVE-2018-4955, CVE-2018-4956, CVE-2018-4957, CVE-2018-4960, CVE-2018-4962, CVE-2018-4963, CVE-2018-4964, CVE-2018-4967, CVE-2018-4969, CVE-2018-4970, CVE-2018-4972, CVE-2018-4973, CVE-2018-4975, CVE-2018-4976, CVE-2018-4981, CVE-2018-4986, CVE-2018-4985 |
| Type Confusion | Arbitrary Code Execution | Critical | CVE-2018-4953 |
| Untrusted pointer dereference | Arbitrary Code Execution | Critical | CVE-2018-4987 |
| Memory Corruption | Information Disclosure | Important | CVE-2018-4965 |
| NTLM SSO hash theft | Information Disclosure | Important | CVE-2018-4993 |
| HTTP POST new line injection via XFA submission | Security Bypass | Important | CVE-2018-4994 |

See https://helpx.adobe.com/security/products/acrobat/apsb18-09.html for details.

Affected Versions

  • Acrobat DC (Consumer)                  <= 2018.011.20038
  • Acrobat Reader (Consumer)              <= 2018.011.20038
  • Acrobat 2017 (Classic 2017)            <= 2017.011.30079
  • Acrobat Reader 2017 (Classic 2017)     <= 2017.011.30079
  • Acrobat DC (Classic 2015)              <= 2015.006.30417
  • Acrobat Reader DC (Classic 2015)       <= 2015.006.30417

Unaffected Versions

  • Acrobat DC (Consumer)                  2018.011.20040
  • Acrobat Reader (Consumer)              2018.011.20040
  • Acrobat 2017 (Classic 2017)            2017.011.30080
  • Acrobat Reader 2017 (Classic 2017)     2017.011.30080
  • Acrobat DC (Classic 2015)              2015.006.30418
  • Acrobat Reader DC (Classic 2015)       2015.006.30418

Solution

Adobe has released security updates to address these vulnerabilities. Users are advised to update to the latest versions as soon as possible.
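
To find which installs still need the update, the following added example (not code from Adobe or from the original page) triages a software inventory against the "Affected Versions" list above. The inventory rows and host names are constructed, and treating a two-digit year such as "18.011.20038" as the short form of "2018.011.20038" is an assumption about how the version is reported.

```python
import re

# Last affected build per product/track, copied from "Affected Versions" above.
LAST_AFFECTED = {
    "acrobat dc (consumer)": "2018.011.20038",
    "acrobat reader (consumer)": "2018.011.20038",
    "acrobat 2017 (classic 2017)": "2017.011.30079",
    "acrobat reader 2017 (classic 2017)": "2017.011.30079",
    "acrobat dc (classic 2015)": "2015.006.30417",
    "acrobat reader dc (classic 2015)": "2015.006.30417",
}
_VERSION = re.compile(r"^(\d{2}|\d{4})\.(\d{1,3})\.(\d{1,5})$")

def parse_version(text):
    """Return (year, minor, build) as ints, or None if the string is malformed."""
    m = _VERSION.match(text.strip())
    if not m:
        return None
    year, minor, build = (int(g) for g in m.groups())
    if year < 100:          # assumption: "18" is the short form of "2018"
        year += 2000
    return (year, minor, build)

def classify(product, version):
    """Return 'affected', 'fixed' or 'unknown' for one inventory row."""
    limit = LAST_AFFECTED.get(product.strip().casefold())
    installed = parse_version(version)
    if limit is None or installed is None:
        return "unknown"    # never report an unparsed row as patched
    # Integer tuples compare numerically, so "011" and "11" are the same minor.
    return "affected" if installed <= parse_version(limit) else "fixed"

def triage(rows):
    """Map each host to its status."""
    return {host: classify(product, version) for host, product, version in rows}

# Constructed sample inventory (host, product, version); not real data.
INVENTORY = [
    ("ws-01", "Acrobat Reader (Consumer)", "2018.011.20038"),
    ("ws-02", "Acrobat Reader (Consumer)", "18.011.20040"),
    ("ws-03", "Acrobat 2017 (Classic 2017)", "2017.011.30079"),
    ("ws-04", "Acrobat DC (Classic 2015)", "15.006.30418"),
    ("ws-05", "Acrobat DC (Consumer)", "2015.023.20070"),
    ("ws-06", "Acrobat Reader (Consumer)", "n/a"),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Rows that come back "unknown" need a manual check, because the product name or version string could not be matched to a track.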

Reference: https://helpx.adobe.com/security/products/acrobat/apsb18-09.html

 

NSFOCUS