Adobe Patches Acrobat, Reader Holes

Thursday, December 13, 2018 @ 02:12 PM gHale

In addition to a just released fix for a Flash Player Zero Day, Adobe issued security updates for 39 critical vulnerabilities affecting Acrobat and Reader.

Of the 39 vulnerabilities, 36 critical heap overflow, out-of-bounds write, use after free, untrusted pointer dereference, and buffer errors holes ended up fixed in the latest releases. Those vulnerabilities would allow for arbitrary code execution on compromised computers.

Windows Update to Patch Flash Zero Day
Adobe Clears Flash Zero Day
Patch Tuesday Clears Zero Day
Techniques can Expose Browsing History

The other three were security bypass holes that could lead to privilege escalation.

The versions impacted by these security vulnerabilities are Acrobat DC (Continuous, Classic 2015), Acrobat 2017, Acrobat Reader DC (Continuous, Classic 2015), and Acrobat Reader 2017, Adobe said in its security bulletin.

Vulnerabilities rated as “critical” could allow attackers to execute malicious code following successful exploitation of the bugs, with a high possibility of the currently logged in user not being aware that the system has been compromised, Adobe said.

Adobe ended up rating the 39 critical security issues as Priority 2 and impacting products that have historically presented an elevated risk of exploitation.

“There are currently no known exploits. Based on previous experience, we do not anticipate exploits are imminent,” Adobe said. “As a best practice, Adobe recommends administrators install the update soon (for example, within 30 days).”

In addition, 49 other integer overflow, security bypasses, and out-of-bounds read issues with information disclosure results also ended up fixed in Acrobat and Reader, and rated as “important.”

Adobe just patched a cross-platform zero-day Flash Player vulnerability that could allow potential remote attackers to trigger an execute arbitrary code on vulnerable computers where the runtime was installed.

Leave a Reply

You must be logged in to post a comment.