Last week Adobe released 6 critical updates in their September 2018 monthly Patch Tuesday. It looks like they missed one, as Adobe today released an out-of-band security update for a critical vulnerability in Adobe Acrobat and Adobe Reader.

The APSB18-34 security bulletin details how these updates resolve one out-of-bounds write vulnerability that could lead to code execution and six out-of-bounds read vulnerabilities that could lead to information disclosure.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2018-12848 |
| Out-of-bounds read | Information Disclosure | Important | |







The code execution vulnerability (CVE-2018-12848) was reported to Adobe by Check Point Software. The information disclosure vulnerabilities were disclosed by Check Point Software, Cybellum Technologies LTD, and via Trend Micro's Zero Day Initiative.

To fix these vulnerabilities, users should upgrade Acrobat DC and Acrobat Reader DC to version 2018.011.20063, Acrobat 2017 and DC 2017 to version 2017.011.30102, and Acrobat DC Classic 2015 and Acrobat Reader DC Classic 2015 to version 2015.006.30452. Links to the updates can be found here.

