Adobe security updates that address multiple critical vulnerabilities with Acrobat and Acrobat Reader for Windows and MacOS, successful exploitation of this vulnerability lead to an arbitrary code execution in the context of the current user.
The Abobe security advisory APSB18-34 recommend users to update with the latest version of Acrobat and Acrobat Reader that address the Out-of-bounds write and Out-of-bounds read vulnerability.
The Out-of-bounds read vulnerability allows an attacker to read the sensitive information from other location and he Out-of-bounds write vulnerability allows an attacker to execute arbitrary code with user interaction on vulnerable systems.
Acrobat DC 2018.011.20058 and earlier versions
Acrobat DC 2015.006.30448 and earlier versions
Acrobat Reader DC 2018.011.20058 and earlier versions
Acrobat Reader DC 2015.006.30448 and earlier versions
Acrobat 2017 2017.011.30099 and earlier versions
Acrobat Reader 2017 2017.011.30099 and earlier versions
Acrobat DC 2018.011.20063
Acrobat Reader DC 2018.011.20063
Acrobat 2017 2017.011.30102
Acrobat Reader DC 2017 2017.011.30102
Acrobat DC 2015.006.30452
Acrobat Reader DC 2015.006.30452
Users are recommended to update their software installations to the latest versions, to update manually Help for Adobe security updates > Check for Updates or the full reader can be downloaded from Adobe Reader Download center.
Vulnerability Details – Adobe security updates
|Vulnerability Category||Vulnerability Impact||Severity||CVE Number|
|Out-of-bounds write||Arbitrary Code Execution||Critical||CVE-2018-12848|
|Out-of-bounds read||Information Disclosure||Important||CVE-2018-12849
The information disclosure vulnerabilities (CVE-2018-12778, CVE-2018-12775) was reported to Adobe by Trend Micro’s Zero Day Initiative, (CVE-2018-12801) Cybellum Technologies LTD, (CVE-2018-12849, CVE-2018-12850, CVE-2018-12840) by Check Point Vulnerability Research, along with information disclosure vulnerabilities Check Point and Arbitrary Code Execution vulnerability (CVE-2018-12848).