Adobe security updates that address multiple critical vulnerabilities with Acrobat and Acrobat Reader for Windows and MacOS, successful exploitation of this vulnerability lead to an arbitrary code execution in the context of the current user.
The Abobe security advisory APSB18-34 recommend users to update with the latest version of Acrobat and Acrobat Reader that address the Out-of-bounds write and Out-of-bounds read vulnerability.
The Out-of-bounds read vulnerability allows an attacker to read the sensitive information from other location and he Out-of-bounds write vulnerability allows an attacker to execute arbitrary code with user interaction on vulnerable systems.
Acrobat DC 2018.011.20058 and earlier versions
Acrobat DC 2015.006.30448 and earlier versions
Acrobat Reader DC 2018.011.20058 and earlier versions
Acrobat Reader DC 2015.006.30448 and earlier versions
Acrobat 2017 2017.011.30099 and earlier versions
Acrobat Reader 2017 2017.011.30099 and earlier versions
Acrobat DC 2018.011.20063
Acrobat Reader DC 2018.011.20063
Acrobat 2017 2017.011.30102
Acrobat Reader DC 2017 2017.011.30102
Acrobat DC 2015.006.30452
Acrobat Reader DC 2015.006.30452
Users are recommended to update their software installations to the latest versions, to update manually Help for Adobe security updates > Check for Updates or the full reader can be downloaded from Adobe Reader Download center.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2018-12848 |
| Out-of-bounds read | Information Disclosure | Important | CVE-2018-12849
CVE-2018-12850 CVE-2018-12801 CVE-2018-12840 CVE-2018-12778 CVE-2018-12775 |
The information disclosure vulnerabilities (CVE-2018-12778, CVE-2018-12775) was reported to Adobe by Trend Micro’s Zero Day Initiative, (CVE-2018-12801) Cybellum Technologies LTD, (CVE-2018-12849, CVE-2018-12850, CVE-2018-12840) by Check Point Vulnerability Research, along with information disclosure vulnerabilities Check Point and Arbitrary Code Execution vulnerability (CVE-2018-12848).
Microsoft Released Security Updates with the Patch for Recent Windows Zero-day Flow
Ubuntu Released Security Updates & Fixed Multiple Critical Vulnerabilities
Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate search…
Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as the…
Hackers are exploiting what's known as "Dangling DNS" records to take over corporate subdomains, posing…
Security researchers and cybersecurity experts have recently uncovered new variants of the notorious HelloKitty ransomware,…
The RansomHub ransomware group has emerged as a significant danger, targeting a wide array of…
Threat actors are increasingly using email bombing to bypass security protocols and facilitate further malicious…