Out-of-bounds flaws could lead to arbitrary code execution or information disclosure on vulnerable systems

Sep 20, 2018 13:38 GMT

As detailed in Adobe's APSB18-34 security bulletin, the company has released security updates to patch critical and exploitable vulnerabilities on macOS and Windows versions of Adobe Acrobat and Reader.

The app versions affected are DC Continuous, DC Classic, and 2017, for both the Adobe Acrobat and the Adobe Reader apps, all having a priority rating of 2.

This rating indicates that there are no known exploits for the patched vulnerabilities, and it comes with a recommendation that system administrators install the security update for both products within the next 30 days.

Adobe states that successful exploitation of a system running a vulnerable copy of Adobe Reader or Acrobat can lead to arbitrary code execution or information disclosure, with the privileges of the logged-in user and, possibly, without the user being informed.

All vulnerabilities patched by Adobe's latest security update have received their own CVE numbers, with CVE-2018-12848 being a critical out-of-bounds write with a possible arbitrary code execution impact.


Furthermore, the CVE-2018-12849, CVE-2018-12850, CVE-2018-12801, CVE-2018-12840, CVE-2018-12778, and CVE-2018-12775 vulnerabilities are rated as being of important severity and can lead to information disclosure when exploited.

System admins who want to make sure that their machines are not exploitable should update installed copies of Acrobat DC and Acrobat Reader DC to version 2018.011.20063, Acrobat DC Classic 2015 and Acrobat Reader DC Classic 2015 to version 2015.006.30452, and Acrobat 2017 and DC 2017 to version 2017.011.30102.
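For fleet-wide checks against the fixed versions listed above, the following added example (not from Adobe or the original article) compares an inventory export against the per-track minimums. The CSV column names, track labels and host names are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Fixed versions per track, as listed in the article for APSB18-34.
FIXED = {
    "continuous": (2018, 11, 20063),
    "classic2015": (2015, 6, 30452),
    "2017": (2017, 11, 30102),
}

def parse_version(text):
    """Turn '2018.011.20058' into (2018, 11, 20058) for numeric comparison."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def audit(inventory_csv):
    """Return (host, product, track, version, status) for every install."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        # The track comes from the inventory (assumed column); it is not
        # inferred from the version number.
        track = row["track"].strip().lower()
        try:
            installed = parse_version(row["version"])
        except ValueError:
            status = "unknown-version"
        else:
            fixed = FIXED.get(track)
            if fixed is None:
                status = "unknown-track"
            elif installed < fixed:
                status = "needs-update"
            else:
                status = "patched"
        results.append((row["host"], row["product"], track, row["version"], status))
    return results

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE = """host,product,track,version
ws-001,Acrobat Reader DC,continuous,2018.011.20058
ws-002,Acrobat DC,continuous,2018.011.20063
ws-003,Acrobat Reader DC,classic2015,2015.006.30448
mac-004,Acrobat 2017,2017,2017.011.30102
ws-005,Acrobat Reader DC,continuous,18.011
"""

if __name__ == "__main__":
    for host, product, track, version, status in audit(SAMPLE):
        print(f"{host:8} {product:18} {track:12} {version:16} {status}")
```

Rows with an unparseable version or an unlisted track are reported rather than skipped, so incomplete inventory data is not mistaken for a patched machine.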

Enterprise installers for the security update are available through Adobe's public FTP server or via SCUP/SCCM, AIP-GPO, or the bootstrapper for Windows, or, on macOS, via SSH or Apple Remote Desktop.

Home users can get the security update either by checking manually via Help > Check for Updates or by letting Adobe Reader and Acrobat update on their own if automatic updates are enabled.