• Home
  • News
  • Security
  • Adobe Releases Security Update for Acrobat Vulnerability with Public PoC

Adobe Releases Security Update for Acrobat Vulnerability with Public PoC

  • November 13, 2018
  • 06:12 PM
  • 0

Adobe logo

Adobe has published their monthly Patch Tuesday updates for the month of November 2018. These updates are for Flash Player, Adobe Acrobat and Reader, and Photoshop CC.

None of these updates allow for remote code execution, but all of them could lead to information disclosure. It is strongly advised that all users update to the latest versions to be protected from these vulnerabilities.

Adobe Security Update Summary:

APSB18-39 Security updates available for Adobe Flash Player

This update resolves a information disclosure vulnerability in Adobe Flash Player for Windows, macOS, Linux and Chrome OS. It is not known if this vulnerability was actively being used or what information is disclosed.

This vulnerability was discovered by j00sean and was fixed in version 31.0.0.148.

Vulnerability Category Vulnerability Impact Severity CVE Number
Out-of-bounds Read Information Disclosure Important CVE-2018-15978

APSB18-40 Security Updates Available for Adobe Acrobat and Reader

This update fixes a vulnerability in Adobe Acrobat and Reader that could lead to the leak of a user's hashed NTLM password. 

This vulnerability was discovered by EdgeSpot who determined that the original vulnerability CVE-2018-4993 was never fixed and that CheckPoint's PoC still worked.

This bug is fixed in the latest versions of Acrobat and Reader.

Vulnerability Category Vulnerability Impact Severity CVE Number
NTLM SSO hash theft

Information Disclosure

Important

CVE-2018-15979

APSB18-43 Security updates available for Adobe Photoshop CC

Adobe has released security updates for Adobe Photoshop CC versions 19.1.6 and earlier. This vulnerability was discovered by TrendMicro's Zero Day Initiative and could lead to information disclosure.

This vulnerability is fixed in Photoshop CC versions 19.1.7 and 20.0.

Vulnerability Category Vulnerability Impact Severity CVE Number
Out-of-bounds read Information disclosure Important CVE-2018-15980

Related Articles:

Adobe Flash Player Update Released for Remote Code Execution Vulnerability

Apple Fixes Passcode Bypass, RCE Vulnerabilities, and More in Today's Updates.

Microsoft October 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities

Tumblr Fixes Security Bug that Leaked Private Account Info

WordPress Security Patch Addresses Privacy Leak Bug

Lawrence Abrams
Lawrence Abrams is the creator and owner of BleepingComputer.com. Lawrence's area of expertise includes malware removal and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies.
Post a Comment Community Rules
You need to login in order to post a comment

Not a member yet? Register Now

You may also like:

Newsletter Sign Up

To receive periodic updates and news from BleepingComputer, please use the form below.

Login

Remember Me
Sign in anonymously

Reporter

Help us understand the problem. What is going on with this comment?

Learn more about what is not allowed to be posted.

SUBMIT