===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1998
        Security Bulletin for Adobe Acrobat and Reader | APSB18-21
                               11 July 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Adobe Acrobat
                   Adobe Reader
Publisher:         Adobe
Operating System:  Windows
                   Mac OS
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Increased Privileges            -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-12803 CVE-2018-12802 CVE-2018-12798
                   CVE-2018-12797 CVE-2018-12796 CVE-2018-12795
                   CVE-2018-12794 CVE-2018-12793 CVE-2018-12792
                   CVE-2018-12791 CVE-2018-12790 CVE-2018-12789
                   CVE-2018-12788 CVE-2018-12787 CVE-2018-12786
                   CVE-2018-12785 CVE-2018-12784 CVE-2018-12783
                   CVE-2018-12782 CVE-2018-12781 CVE-2018-12780
                   CVE-2018-12779 CVE-2018-12777 CVE-2018-12776
                   CVE-2018-12774 CVE-2018-12773 CVE-2018-12772
                   CVE-2018-12771 CVE-2018-12770 CVE-2018-12768
                   CVE-2018-12767 CVE-2018-12766 CVE-2018-12765
                   CVE-2018-12764 CVE-2018-12763 CVE-2018-12762
                   CVE-2018-12761 CVE-2018-12760 CVE-2018-12758
                   CVE-2018-12757 CVE-2018-12756 CVE-2018-12755
                   CVE-2018-12754 CVE-2018-5070 CVE-2018-5069
                   CVE-2018-5068 CVE-2018-5067 CVE-2018-5066
                   CVE-2018-5065 CVE-2018-5064 CVE-2018-5063
                   CVE-2018-5062 CVE-2018-5061 CVE-2018-5060
                   CVE-2018-5059 CVE-2018-5058 CVE-2018-5057
                   CVE-2018-5056 CVE-2018-5055 CVE-2018-5054
                   CVE-2018-5053 CVE-2018-5052 CVE-2018-5051
                   CVE-2018-5050 CVE-2018-5049 CVE-2018-5048
                   CVE-2018-5047 CVE-2018-5046 CVE-2018-5045
                   CVE-2018-5044 CVE-2018-5043 CVE-2018-5042
                   CVE-2018-5041 CVE-2018-5040 CVE-2018-5039
                   CVE-2018-5038 CVE-2018-5037 CVE-2018-5036
                   CVE-2018-5035 CVE-2018-5034 CVE-2018-5033
                   CVE-2018-5032 CVE-2018-5031 CVE-2018-5030
                   CVE-2018-5029 CVE-2018-5028 CVE-2018-5027
                   CVE-2018-5026 CVE-2018-5025 CVE-2018-5024
                   CVE-2018-5023 CVE-2018-5022 CVE-2018-5021
                   CVE-2018-5020 CVE-2018-5019 CVE-2018-5018
                   CVE-2018-5017 CVE-2018-5016 CVE-2018-5015
                   CVE-2018-5014 CVE-2018-5012 CVE-2018-5011
                   CVE-2018-5010 CVE-2018-5009

Original Bulletin:
   https://helpx.adobe.com/security/products/acrobat/apsb18-21.html

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin for Adobe Acrobat and Reader | APSB18-21

+-------------+----------------+----------+
| Bulletin ID | Date Published | Priority |
+-------------+----------------+----------+
| APSB18-21   | July 10, 2018  | 2        |
+-------------+----------------+----------+

Summary

Adobe has released security updates for Adobe Acrobat and Reader for Windows
and macOS. These updates address critical and important vulnerabilities.
Successful exploitation could lead to arbitrary code execution in the context
of the current user.

Affected Versions

+---------------------+--------------+-------------------------------------+-------------------+-----------------+
| Product             | Track        | Affected Versions                   | Platform          | Priority rating |
+---------------------+--------------+-------------------------------------+-------------------+-----------------+
| Acrobat DC          | Continuous   | 2018.011.20040 and earlier versions | Windows and macOS | 2               |
| Acrobat Reader DC   | Continuous   | 2018.011.20040 and earlier versions | Windows and macOS | 2               |
+---------------------+--------------+-------------------------------------+-------------------+-----------------+
| Acrobat 2017        | Classic 2017 | 2017.011.30080 and earlier versions | Windows and macOS | 2               |
| Acrobat Reader 2017 | Classic 2017 | 2017.011.30080 and earlier versions | Windows and macOS | 2               |
+---------------------+--------------+-------------------------------------+-------------------+-----------------+
| Acrobat DC          | Classic 2015 | 2015.006.30418 and earlier versions | Windows and macOS | 2               |
| Acrobat Reader DC   | Classic 2015 | 2015.006.30418 and earlier versions | Windows and macOS | 2               |
+---------------------+--------------+-------------------------------------+-------------------+-----------------+

For questions regarding Acrobat DC, please visit the Acrobat DC FAQ page.

For questions regarding Acrobat Reader DC, please visit the Acrobat Reader DC
FAQ page.

Solution

Adobe recommends users update their software installations to the latest
versions by following the instructions below.

The latest product versions are available to end users via one of the
following methods:

  * Users can update their product installations manually by choosing Help >
    Check for Updates.
  * The products will update automatically, without requiring user
    intervention, when updates are detected.
  * The full Acrobat Reader installer can be downloaded from the Acrobat
    Reader Download Center.

For IT administrators (managed environments):

  * Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/,
    or refer to the specific release note version for links to installers.
  * Install updates via your preferred methodology, such as AIP-GPO,
    bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and
    SSH.

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version:

+------------------------+--------------+------------------+-------------------+-----------------+----------------+
| Product                | Track        | Updated Versions | Platform          | Priority Rating | Availability   |
+------------------------+--------------+------------------+-------------------+-----------------+----------------+
| Acrobat DC             | Continuous   | 2018.011.20055   | Windows and macOS | 2               | Windows, macOS |
| Acrobat Reader DC      | Continuous   | 2018.011.20055   | Windows and macOS | 2               | Windows, macOS |
+------------------------+--------------+------------------+-------------------+-----------------+----------------+
| Acrobat 2017           | Classic 2017 | 2017.011.30096   | Windows and macOS | 2               | Windows, macOS |
| Acrobat Reader DC 2017 | Classic 2017 | 2017.011.30096   | Windows and macOS | 2               | Windows, macOS |
+------------------------+--------------+------------------+-------------------+-----------------+----------------+
| Acrobat DC             | Classic 2015 | 2015.006.30434   | Windows and macOS | 2               | Windows, macOS |
| Acrobat Reader DC      | Classic 2015 | 2015.006.30434   | Windows and macOS | 2               | Windows, macOS |
+------------------------+--------------+------------------+-------------------+-----------------+----------------+

Note:

As noted in this previous announcement, support for Adobe Acrobat 11.x and
Adobe Reader 11.x ended on October 15, 2017. Version 11.0.23 is the final
release for Adobe Acrobat 11.x and Adobe Reader 11.x. Adobe strongly
recommends that you update to the latest versions of Adobe Acrobat DC and
Adobe Acrobat Reader DC. By updating installations to the latest versions,
you benefit from the latest functional enhancements and improved security
measures.

Vulnerability Details

+------------------------+--------------------------+-----------+---------------------------------+
| Vulnerability Category | Vulnerability Impact     | Severity  | CVE Number                      |
+------------------------+--------------------------+-----------+---------------------------------+
| Double Free            | Arbitrary Code Execution | Critical  | CVE-2018-12782                  |
+------------------------+--------------------------+-----------+---------------------------------+
| Heap Overflow          | Arbitrary Code Execution | Critical  | CVE-2018-5015, CVE-2018-5028,   |
|                        |                          |           | CVE-2018-5032, CVE-2018-5036,   |
|                        |                          |           | CVE-2018-5038, CVE-2018-5040,   |
|                        |                          |           | CVE-2018-5041, CVE-2018-5045,   |
|                        |                          |           | CVE-2018-5052, CVE-2018-5058,   |
|                        |                          |           | CVE-2018-5067, CVE-2018-12785,  |
|                        |                          |           | CVE-2018-12788, CVE-2018-12798  |
+------------------------+--------------------------+-----------+---------------------------------+
| Use-after-free         | Arbitrary Code Execution | Critical  | CVE-2018-5009, CVE-2018-5011,   |
|                        |                          |           | CVE-2018-5065, CVE-2018-12756,  |
|                        |                          |           | CVE-2018-12770, CVE-2018-12772, |
|                        |                          |           | CVE-2018-12773, CVE-2018-12776, |
|                        |                          |           | CVE-2018-12783, CVE-2018-12791, |
|                        |                          |           | CVE-2018-12792, CVE-2018-12796, |
|                        |                          |           | CVE-2018-12797                  |
+------------------------+--------------------------+-----------+---------------------------------+
| Out-of-bounds write    | Arbitrary Code Execution | Critical  | CVE-2018-5020, CVE-2018-5021,   |
|                        |                          |           | CVE-2018-5042, CVE-2018-5059,   |
|                        |                          |           | CVE-2018-5064, CVE-2018-5069,   |
|                        |                          |           | CVE-2018-5070, CVE-2018-12754,  |
|                        |                          |           | CVE-2018-12755, CVE-2018-12758, |
|                        |                          |           | CVE-2018-12760, CVE-2018-12771, |
|                        |                          |           | CVE-2018-12787                  |
+------------------------+--------------------------+-----------+---------------------------------+
| Security Bypass        | Privilege Escalation     | Critical  | CVE-2018-12802                  |
+------------------------+--------------------------+-----------+---------------------------------+
| Out-of-bounds read     | Information Disclosure   | Important | CVE-2018-5010, CVE-2018-12803,  |
|                        |                          |           | CVE-2018-5014, CVE-2018-5016,   |
|                        |                          |           | CVE-2018-5017, CVE-2018-5018,   |
|                        |                          |           | CVE-2018-5019, CVE-2018-5022,   |
|                        |                          |           | CVE-2018-5023, CVE-2018-5024,   |
|                        |                          |           | CVE-2018-5025, CVE-2018-5026,   |
|                        |                          |           | CVE-2018-5027, CVE-2018-5029,   |
|                        |                          |           | CVE-2018-5031, CVE-2018-5033,   |
|                        |                          |           | CVE-2018-5035, CVE-2018-5039,   |
|                        |                          |           | CVE-2018-5044, CVE-2018-5046,   |
|                        |                          |           | CVE-2018-5047, CVE-2018-5048,   |
|                        |                          |           | CVE-2018-5049, CVE-2018-5050,   |
|                        |                          |           | CVE-2018-5051, CVE-2018-5053,   |
|                        |                          |           | CVE-2018-5054, CVE-2018-5055,   |
|                        |                          |           | CVE-2018-5056, CVE-2018-5060,   |
|                        |                          |           | CVE-2018-5061, CVE-2018-5062,   |
|                        |                          |           | CVE-2018-5063, CVE-2018-5066,   |
|                        |                          |           | CVE-2018-5068, CVE-2018-12757,  |
|                        |                          |           | CVE-2018-12761, CVE-2018-12762, |
|                        |                          |           | CVE-2018-12763, CVE-2018-12764, |
|                        |                          |           | CVE-2018-12765, CVE-2018-12766, |
|                        |                          |           | CVE-2018-12767, CVE-2018-12768, |
|                        |                          |           | CVE-2018-12774, CVE-2018-12777, |
|                        |                          |           | CVE-2018-12779, CVE-2018-12780, |
|                        |                          |           | CVE-2018-12781, CVE-2018-12786, |
|                        |                          |           | CVE-2018-12789, CVE-2018-12790, |
|                        |                          |           | CVE-2018-12795                  |
+------------------------+--------------------------+-----------+---------------------------------+
| Type Confusion         | Arbitrary Code Execution | Critical  | CVE-2018-5057, CVE-2018-12793,  |
|                        |                          |           | CVE-2018-12794                  |
+------------------------+--------------------------+-----------+---------------------------------+
| Untrusted pointer      | Arbitrary Code Execution | Critical  | CVE-2018-5012, CVE-2018-5030    |
| dereference            |                          |           |                                 |
+------------------------+--------------------------+-----------+---------------------------------+
| Buffer Errors          | Arbitrary Code Execution | Critical  | CVE-2018-5034, CVE-2018-5037,   |
|                        |                          |           | CVE-2018-5043, CVE-2018-12784   |
+------------------------+--------------------------+-----------+---------------------------------+

Acknowledgements

Adobe would like to thank the following individuals and organizations for
reporting the relevant issues and for working with Adobe to help protect our
customers:

  * Gal De Leon of Palo Alto Networks (CVE-2018-5009, CVE-2018-5066)
  * Anonymously reported via Trend Micro's Zero Day Initiative
    (CVE-2018-12770, CVE-2018-12771, CVE-2018-12772, CVE-2018-12773,
    CVE-2018-12774, CVE-2018-12776, CVE-2018-12777, CVE-2018-12779,
    CVE-2018-12780, CVE-2018-12781, CVE-2018-12783, CVE-2018-12795,
    CVE-2018-12797)
  * WillJ of Tencent PC Manager via Trend Micro's Zero Day Initiative
    (CVE-2018-5058, CVE-2018-5063, CVE-2018-5065)
  * Steven Seeley via Trend Micro's Zero Day Initiative (CVE-2018-5012,
    CVE-2018-5030, CVE-2018-5033, CVE-2018-5034, CVE-2018-5035,
    CVE-2018-5059, CVE-2018-5060, CVE-2018-12793, CVE-2018-12796)
  * Ke Liu of Tencent's Xuanwu LAB working via Trend Micro's Zero Day
    Initiative (CVE-2018-12803, CVE-2018-5014, CVE-2018-5015, CVE-2018-5016,
    CVE-2018-5017, CVE-2018-5018, CVE-2018-5019, CVE-2018-5027,
    CVE-2018-5028, CVE-2018-5029, CVE-2018-5031, CVE-2018-5032,
    CVE-2018-5055, CVE-2018-5056, CVE-2018-5057)
  * Sebastian Apelt siberas via Trend Micro's Zero Day Initiative
    (CVE-2018-12794)
  * Zhiyuan Wang of Chengdu Qihoo360 Tech Co. Ltd. (CVE-2018-12758)
  * Lin Wang of Beihang University (CVE-2018-5010, CVE-2018-5020,
    CVE-2018-12760, CVE-2018-12761, CVE-2018-12762, CVE-2018-12763,
    CVE-2018-12787, CVE-2018-5067)
  * Zhenjie Jia of Qihoo 360 Vulcan Team (CVE-2018-12757)
  * Netanel Ben Simon and Yoav Alon from Check Point Software Technologies
    (CVE-2018-5063, CVE-2018-5064, CVE-2018-5065, CVE-2018-5068,
    CVE-2018-5069, CVE-2018-5070, CVE-2018-12754, CVE-2018-12755,
    CVE-2018-12764, CVE-2018-12765, CVE-2018-12766, CVE-2018-12767,
    CVE-2018-12768)
  * Aleksandar Nikolic of Cisco Talos (CVE-2018-12756)
  * Vladislav Stolyarov of Kaspersky Lab (CVE-2018-5011)
  * Ke Liu of Tencent's Xuanwu Lab (CVE-2018-12785, CVE-2018-12786)
  * Kdot via Trend Micro's Zero Day Initiative (CVE-2018-5036,
    CVE-2018-5037, CVE-2018-5038, CVE-2018-5039, CVE-2018-5040,
    CVE-2018-5041, CVE-2018-5042, CVE-2018-5043, CVE-2018-5044,
    CVE-2018-5045, CVE-2018-5046, CVE-2018-5047, CVE-2018-5048,
    CVE-2018-5049, CVE-2018-5050, CVE-2018-5051, CVE-2018-5052,
    CVE-2018-5053, CVE-2018-5054, CVE-2018-5020)
  * Pengsu Cheng of Trend Micro working with Trend Micro's Zero Day
    Initiative (CVE-2018-5061, CVE-2018-5067, CVE-2018-12790, CVE-2018-5056)
  * Ron Waisberg working with Trend Micro's Zero Day Initiative
    (CVE-2018-5062, CVE-2018-12788, CVE-2018-12789)
  * Steven Seeley (mr_me) of Source Incite working with iDefense Labs
    (CVE-2018-12791, CVE-2018-12792, CVE-2018-5015)
  * Ashfaq Ansari and Sudhakar Verma - Project Srishti working with iDefense
    Labs (CVE-2018-12798)
  * XuPeng of TCA/SKLCS Institute of Software Chinese Academy of Sciences and
    HuangZheng of Baidu Security Lab (CVE-2018-12782)
  * Anonymously reported (CVE-2018-12784, CVE-2018-5009)
  * mr_me of Source Incite working with Trend Micro's Zero Day Initiative
    (CVE-2018-12761)
  * Zhanglin He and Bo Qu of Palo Alto Networks (CVE-2018-5023,
    CVE-2018-5024)
  * Bo Qu of Palo Alto Networks and Heige of Knownsec 404 Security Team
    (CVE-2018-5021, CVE-2018-5022, CVE-2018-5025, CVE-2018-5026)

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================