Out of Band Patch from Adobe

Friday, September 21, 2018 @ 03:09 PM gHale

Adobe released a patch after the usual monthly update in a move to quickly fix a set of severe vulnerabilities in Acrobat and Reader.

The most critical issue is an out-of-bounds write vulnerability where CVE-2018-12848 can lead to arbitrary code execution.

RELATED STORIES
Adobe Fixes Flash, ColdFusion Holes
Patch Tuesday Clears Zero Day
Windows 10 Zero Day Discovered
Hackers Leverage Patched Vulnerability

The bugs impact Windows and MacOS machines, Adobe officials said in an advisory.
https://helpx.adobe.com/security/products/acrobat/apsb18-34.html

The second set of bugs (CVE-2018-12849, CVE-2018-12850, CVE-2018-12801, CVE-2018-12840, CVE-2018-12778, and CVE-2018-12775) are out-of-bounds read issues that can all lead to information disclosure. These vulnerabilities are considered “important.”

The vulnerabilities impact Acrobat DC 2018.011.20058 and earlier, Acrobat Reader DC 2018.011.20058 and earlier, Acrobat 2017 2017.011.30099 and earlier, Acrobat Reader 2017 2017.011.30099 and earlier, Acrobat DC 2015.006.30448 and earlier, and Acrobat Reader DC 2015.006.30448 and earlier.



Leave a Reply

You must be logged in to post a comment.