Critical Adobe Vulnerabilities

What are Adobe Vulnerabilities?

Adobe has recently released official patches for two critical flaws in Acrobat and Reader (CVE-2018-16011 and CVE-2018-16018).

The first updates of the new year, released to customers as APSB19-0 around 3 January 2019, include the critical weaknesses, with a rating of ‘2’.

Affected Versions

  • Acrobat DC – 2019.010.20064 and earlier versions 
  • Acrobat Reader DC – 2019.010.20064 and earlier versions
  • Acrobat 2017 – 2017.011.30110 and earlier versions
  • Acrobat Reader 2017 – 2017.011.30110 and earlier versions
  • Acrobat DC Classic 2015 – 2015.006.30461 and earlier versions 
  • Acrobat Reader DC Classic 2015 – 2015.006.30461 and earlier versions 

*All affected versions run on Windows and macOS.
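
A version check built from the list above, as an added example (not code from Adobe or from the original post). It assumes that a version may be reported with a two-digit year such as 19.010.20064, and that a build number starting with 2 marks the continuous DC track while one starting with 3 marks a Classic track; the function names and the sample inventory are hypothetical.

```python
import re

# Last affected build per track, copied from the list above.
LAST_AFFECTED = {
    "continuous": (2019, 10, 20064),   # Acrobat DC / Acrobat Reader DC
    "classic2017": (2017, 11, 30110),  # Acrobat 2017 / Acrobat Reader 2017
    "classic2015": (2015, 6, 30461),   # Acrobat / Reader DC Classic 2015
}

VERSION_RE = re.compile(r"^(\d{2}|\d{4})\.(\d{1,3})\.(\d{5})$")


def parse_version(text):
    """Parse 'YYYY.MMM.BBBBB' (or 'YY.MMM.BBBBB') into an integer tuple."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Acrobat version: {text!r}")
    year, minor, build = (int(part) for part in match.groups())
    if year < 100:  # assumption: two-digit year form, e.g. 19.010.20064
        year += 2000
    return year, minor, build


def track_of(version):
    """Assumption: build 2xxxx = continuous track, 3xxxx = Classic track."""
    year, _, build = version
    if build // 10000 == 2:
        return "continuous"
    if build // 10000 == 3 and year in (2015, 2017):
        return f"classic{year}"
    return None  # a track the list above does not cover


def is_affected(text):
    """True/False for a listed track, None when the track is not listed."""
    version = parse_version(text)
    track = track_of(version)
    if track is None:
        return None
    return version <= LAST_AFFECTED[track]


if __name__ == "__main__":
    # Constructed inventory: host name -> reported version string.
    inventory = {"ws-01": "19.010.20064", "ws-02": "2017.011.30113",
                 "mac-07": "2015.006.30461", "ws-09": "2020.001.30002"}
    for host, reported in inventory.items():
        verdict = {True: "AFFECTED", False: "ok", None: "unknown track"}
        print(f"{host}: {reported} -> {verdict[is_affected(reported)]}")
```
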

Details of the Vulnerabilities

CVE-2018-16011

  • This vulnerability is rated Critical.
  • The impact of this vulnerability is arbitrary code execution: it is exploited with a maliciously crafted PDF, whose purpose is to take ownership of the targeted system.
  • Vulnerability type: use after free.

CVE-2018-16018 (previously known as CVE-2018-19725)

  • This vulnerability is rated Critical.
  • The impact of this vulnerability is a bypass of all security features related to JavaScript API restrictions in Adobe Reader DC. Users need to be aware of this vulnerability, which is due to broken access control.

How to fix it?

All Adobe users need to update their product manually by clicking Help > Check for Updates; after that, the update runs automatically without asking the user for administrative privileges.

Another recommendation is that users can download the enterprise version of Adobe from the link here.

Source: Adobe Security Bulletin

Author: Wan Ariff
