Critical Vulnerabilities in Adobe Acrobat and Reader
History:
- 16/08/2018 --- v1.0: Initial publication
Summary
On the 14th of August 2018, Adobe released a security bulletin addressing two critical vulnerabilities affecting Adobe Acrobat and Reader for Windows and macOS. Successful exploitation could lead to arbitrary code execution in the context of the current user and could be used in a phishing campaign. No exploit has been observed in the wild yet.
Technical Details
The two vulnerabilities were assigned the following CVE identifiers:
- CVE-2018-12799: Untrusted pointer dereference
- CVE-2018-12808: Out-of-bounds write
The technical details for the two vulnerabilities were not disclosed.
Products Affected
The following products are affected.
Acrobat DC on Windows and macOS:
- 2018.011.20055 and earlier versions for the continuous track
- 2017.011.30096 and earlier versions for the classic 2017 track
- 2015.006.30434 and earlier versions for the classic 2015 track
Acrobat Reader DC on Windows and macOS:
- 2018.011.20055 and earlier versions for the continuous track
- 2017.011.30096 and earlier versions for the classic 2017 track
- 2015.006.30434 and earlier versions for the classic 2015 track
Recommendations
Update Acrobat and Acrobat Reader to one of the following versions:
- 2018.011.20058
- 2017.011.30099
- 2015.006.30448
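To triage a software inventory against the fixed versions listed above, the following added example (not part of the original advisory or of any Adobe tooling) classifies reported version strings per track. It assumes that builds numbered 20xxx belong to the continuous track and 30xxx to a classic track, and that a two-digit leading field is the short form of the year; host names and inventory entries are constructed sample data.

```python
import re

# Fixed versions per track, taken from the Recommendations list above.
FIXED = {
    "continuous": (2018, 11, 20058),
    "classic-2017": (2017, 11, 30099),
    "classic-2015": (2015, 6, 30448),
}

def parse_version(text):
    """Turn '2018.011.20055' or '18.011.20055' into a tuple of ints."""
    m = re.fullmatch(r"\s*(\d{2}|\d{4})\.(\d{1,3})\.(\d{5})\s*", text)
    if not m:
        raise ValueError(f"not an Acrobat DC version: {text!r}")
    year, minor, build = (int(g) for g in m.groups())
    # Assumption: a two-digit leading field is the short form of the year.
    return (year + 2000 if year < 100 else year, minor, build)

def track_of(version):
    """Assumption: 20xxx builds are continuous, 30xxx builds are classic."""
    year, _, build = version
    if 20000 <= build < 30000:
        return "continuous"
    if 30000 <= build < 40000:
        return f"classic-{year}"
    return None

def assess(text):
    """Return 'fixed', 'needs-update', 'unknown-track' or 'unparseable'."""
    try:
        version = parse_version(text)
    except ValueError:
        return "unparseable"
    fixed = FIXED.get(track_of(version))
    if fixed is None:
        return "unknown-track"
    # Numeric tuple comparison; anything below the fixed build is flagged.
    return "fixed" if version >= fixed else "needs-update"

# Constructed inventory (host names and versions are sample data).
INVENTORY = [("ws-001", "2018.011.20055"), ("ws-002", "18.011.20058"),
             ("ws-003", "2017.011.30096"), ("ws-004", "2015.006.30448"),
             ("ws-005", "11.0.23")]

def hosts_to_patch(inventory):
    """Hosts whose version is not confirmed fixed, with the verdict."""
    return [(h, assess(v)) for h, v in inventory if assess(v) != "fixed"]

if __name__ == "__main__":
    for host, verdict in hosts_to_patch(INVENTORY):
        print(host, verdict)
```

Entries reported as unparseable or unknown-track are kept in the output so they get a manual check instead of being silently treated as patched.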
References
[1] https://helpx.adobe.com/security/products/acrobat/apsb18-29.html