Last week Adobe released 6 critical updates in its September 2018 monthly Patch Tuesday. It looks like they missed one, as Adobe today released an out-of-band security update for a critical vulnerability in Adobe Acrobat and Adobe Reader.

The APSB18-34 security bulletin details how these updates resolve an out-of-bounds write vulnerability that could lead to code execution and six out-of-bounds read vulnerabilities that could lead to information disclosure.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2018-12848 |
| Out-of-bounds read | Information Disclosure | Important | CVE-2018-12849, CVE-2018-12850, CVE-2018-12801, CVE-2018-12840, CVE-2018-12778, CVE-2018-12775 |

The code execution vulnerability (CVE-2018-12848) was reported to Adobe by Check Point Software. The information disclosure vulnerabilities were disclosed by Check Point Software, Cybellum Technologies LTD, and via Trend Micro's Zero Day Initiative.

To fix these vulnerabilities, users should upgrade Acrobat DC and Acrobat Reader DC to version 2018.011.20063, Acrobat 2017 and DC 2017 to version 2017.011.30102, and Acrobat DC Classic 2015 and Acrobat Reader DC Classic 2015 to version 2015.006.30452. Links to the updates can be found here.
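For administrators checking a fleet against the fixed builds listed above, the following is an added example (not from Adobe or the original article) that triages a software inventory export. The track labels, CSV layout and host names are hypothetical, and it assumes some inventories report a two-digit year such as `18.011.20063`.

```python
import csv
import io

# Fixed builds quoted in the article, keyed by hypothetical track labels.
FIXED = {
    "dc": "2018.011.20063",            # Acrobat DC / Acrobat Reader DC
    "2017": "2017.011.30102",          # Acrobat 2017 / DC 2017
    "classic-2015": "2015.006.30452",  # Acrobat DC Classic 2015 / Reader DC Classic 2015
}

def parse_version(text):
    """Turn 'YYYY.MMM.BBBBB' into a comparable tuple of ints.

    Assumption: a two-digit leading year ('18.011.20063') is the same
    build as the four-digit form, so it is normalised to 2018.
    """
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    major, minor, build = (int(p) for p in parts)
    if major < 100:
        major += 2000
    return (major, minor, build)

def triage(inventory_csv):
    """Return {host: 'patched' | 'needs-update' | 'unknown'}."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED.get(row["track"].strip().lower())
        try:
            installed = parse_version(row["version"])
        except ValueError:
            fixed = None  # unparseable version: flag for manual review
        if fixed is None:
            result[row["host"]] = "unknown"
        elif installed >= parse_version(fixed):
            result[row["host"]] = "patched"
        else:
            result[row["host"]] = "needs-update"
    return result

# Constructed sample inventory, not real data.
SAMPLE = """host,track,version
ws-01,dc,2018.011.20058
ws-02,dc,18.011.20063
ws-03,2017,2017.011.30102
ws-04,classic-2015,2015.006.30448
ws-05,classic-2015,15.6.30452
ws-06,dc,n/a
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(host, status)
```

Hosts reported as `unknown` have an unrecognised track or version string and need a manual check rather than being assumed patched.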

 
