Security Bulletin for Adobe Acrobat and Reader [APSB18-41]
Multiple vulnerabilities have been discovered in Adobe Acrobat and Adobe Reader, the most severe of which could allow for remote code execution. Adobe Acrobat and Reader allow a user to view, create, manipulate, print and manage files in Portable Document Format (PDF). Successful exploitation of the most severe of these vulnerabilities could result in the attacker gaining control of the affected system. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.
Adobe reference = APSB18-41
SYSTEMS AFFECTED:
- • Acrobat DC (Continuous Track) for Windows and macOS version 2019.008.20081 and prior
- • Acrobat Reader DC (Continuous Track) for Windows and macOS version 2019.008.20081 and prior
- • Acrobat 2017 (Classic 2017 Track) for Windows and macOS version 2017.011.30106 and prior
- • Acrobat Reader 2017 (Classic 2017 Track) for Windows and macOS version 2017.011.30106 and prior
- • Acrobat DC (Classic 2015 Track) for Windows and macOS version 2015.006.30457 and prior
- • Acrobat Reader DC (Classic 2015 Track) for Windows and macOS version 2015.006.30457 and prior
Solution
Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
For IT administrators (managed environments):
- Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/, or refer to the specific release note version for links to installers.
- Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.